CVE-2022-1996 (GCVE-0-2022-1996)
Vulnerability from cvelistv5 – Published: 2022-06-06 00:00 – Updated: 2024-08-03 00:24
CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/be837427-415c-4d8c-808… | |
| https://github.com/emicklei/go-restful/commit/fd3… | |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://security.netapp.com/advisory/ntap-2022092… | |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| emicklei | emicklei/go-restful |
Affected:
unspecified , < v3.8.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:43.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10"
},
{
"name": "FEDORA-2022-185697ef56",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBDD3Q23RCGAGHIXUCWBU6N3S4RNAKXB/"
},
{
"name": "FEDORA-2022-589a0ad690",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/575BLJ3Y2EQBRNTFR2OSQQ6L2W6UCST3/"
},
{
"name": "FEDORA-2022-fae3ecee19",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/"
},
{
"name": "FEDORA-2022-ba365d3703",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/"
},
{
"name": "FEDORA-2022-30c5ed5625",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220923-0005/"
},
{
"name": "FEDORA-2023-6550d9323b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W56PP46JVZEKCANBKXFKRVSBBRRMCY6V/"
},
{
"name": "FEDORA-2023-4e2068ba5d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGQKWD6SE75PFBPFVSZYAKAVXKBZXKWS/"
},
{
"name": "FEDORA-2023-c9b2182a4e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SO5QC2JFW2PXBWAE27OYYYL5SPFUBHTY/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "emicklei/go-restful",
"vendor": "emicklei",
"versions": [
{
"lessThan": "v3.8.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-23T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1"
},
{
"url": "https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10"
},
{
"name": "FEDORA-2022-185697ef56",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBDD3Q23RCGAGHIXUCWBU6N3S4RNAKXB/"
},
{
"name": "FEDORA-2022-589a0ad690",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/575BLJ3Y2EQBRNTFR2OSQQ6L2W6UCST3/"
},
{
"name": "FEDORA-2022-fae3ecee19",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/"
},
{
"name": "FEDORA-2022-ba365d3703",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/"
},
{
"name": "FEDORA-2022-30c5ed5625",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220923-0005/"
},
{
"name": "FEDORA-2023-6550d9323b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W56PP46JVZEKCANBKXFKRVSBBRRMCY6V/"
},
{
"name": "FEDORA-2023-4e2068ba5d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGQKWD6SE75PFBPFVSZYAKAVXKBZXKWS/"
},
{
"name": "FEDORA-2023-c9b2182a4e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SO5QC2JFW2PXBWAE27OYYYL5SPFUBHTY/"
}
],
"source": {
"advisory": "be837427-415c-4d8c-808b-62ce20aa84f1",
"discovery": "EXTERNAL"
},
"title": "Authorization Bypass Through User-Controlled Key in emicklei/go-restful"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1996",
"datePublished": "2022-06-06T00:00:00.000Z",
"dateReserved": "2022-06-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:24:43.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-1996",
"date": "2026-06-02",
"epss": "0.00963",
"percentile": "0.7685"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:go-restful_project:go-restful:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.16.0\", \"matchCriteriaId\": \"23CD29C7-E4EC-47EF-8D44-4976CC43789C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:go-restful_project:go-restful:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.0.0\", \"versionEndExcluding\": \"3.8.0\", \"matchCriteriaId\": \"9244D03B-7D8E-4215-9BBC-0E78B70C4EEC\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.\"}, {\"lang\": \"es\", \"value\": \"Una Omisi\\u00f3n de la Autorizaci\\u00f3n Mediante una Clave Controlada por el Usuario en el repositorio GitHub emicklei/go-restful versiones anteriores a v3.8.0\"}]",
"id": "CVE-2022-1996",
"lastModified": "2024-11-21T06:41:54.873",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.2}], \"cvssMetricV30\": [{\"source\": \"security@huntr.dev\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N\", \"baseScore\": 9.3, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.8}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:N\", \"baseScore\": 6.4, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2022-06-08T13:15:07.987",
"references": "[{\"url\": \"https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10\", \"source\": \"security@huntr.dev\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1\", \"source\": \"security@huntr.dev\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/575BLJ3Y2EQBRNTFR2OSQQ6L2W6UCST3/\", \"source\": \"security@huntr.dev\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBDD3Q23RCGAGHIXUCWBU6N3S4RNAKXB/\", \"source\": \"security@huntr.dev\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/\", \"source\": \"security@huntr.dev\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SO5QC2JFW2PXBWAE27OYYYL5SPFUBHTY/\", \"source\": \"security@huntr.dev\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W56PP46JVZEKCANBKXFKRVSBBRRMCY6V/\", \"source\": \"security@huntr.dev\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/\", \"source\": \"security@huntr.dev\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGQKWD6SE75PFBPFVSZYAKAVXKBZXKWS/\", \"source\": \"security@huntr.dev\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/\", \"source\": \"security@huntr.dev\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220923-0005/\", \"source\": \"security@huntr.dev\", \"tags\": [\"Third Party Advisory\"]}, 
{\"url\": \"https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/575BLJ3Y2EQBRNTFR2OSQQ6L2W6UCST3/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBDD3Q23RCGAGHIXUCWBU6N3S4RNAKXB/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SO5QC2JFW2PXBWAE27OYYYL5SPFUBHTY/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W56PP46JVZEKCANBKXFKRVSBBRRMCY6V/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGQKWD6SE75PFBPFVSZYAKAVXKBZXKWS/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/\", \"source\": 
\"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220923-0005/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security@huntr.dev\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-639\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-639\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-1996\",\"sourceIdentifier\":\"security@huntr.dev\",\"published\":\"2022-06-08T13:15:07.987\",\"lastModified\":\"2024-11-21T06:41:54.873\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.\"},{\"lang\":\"es\",\"value\":\"Una Omisi\u00f3n de la Autorizaci\u00f3n Mediante una Clave Controlada por el Usuario en el repositorio GitHub emicklei/go-restful versiones anteriores a v3.8.0\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}],\"cvssMetricV30\":[{\"source\":\"security@huntr.dev\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":5.8}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:N\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploita
bilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security@huntr.dev\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-639\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-639\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:go-restful_project:go-restful:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.16.0\",\"matchCriteriaId\":\"23CD29C7-E4EC-47EF-8D44-4976CC43789C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:go-restful_project:go-restful:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.8.0\",\"matchCriteriaId\":\"9244D03B-7D8E-4215-9BBC-0E78B70C4EEC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]}],\"references\":[{\"url\":\"https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10\",\"source\":\"security@huntr.dev\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1\",\"source\":\"security@huntr.dev\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party 
Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/575BLJ3Y2EQBRNTFR2OSQQ6L2W6UCST3/\",\"source\":\"security@huntr.dev\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBDD3Q23RCGAGHIXUCWBU6N3S4RNAKXB/\",\"source\":\"security@huntr.dev\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/\",\"source\":\"security@huntr.dev\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SO5QC2JFW2PXBWAE27OYYYL5SPFUBHTY/\",\"source\":\"security@huntr.dev\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W56PP46JVZEKCANBKXFKRVSBBRRMCY6V/\",\"source\":\"security@huntr.dev\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/\",\"source\":\"security@huntr.dev\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGQKWD6SE75PFBPFVSZYAKAVXKBZXKWS/\",\"source\":\"security@huntr.dev\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/\",\"source\":\"security@huntr.dev\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20220923-0005/\",\"source\":\"security@huntr.dev\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party 
Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/575BLJ3Y2EQBRNTFR2OSQQ6L2W6UCST3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBDD3Q23RCGAGHIXUCWBU6N3S4RNAKXB/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SO5QC2JFW2PXBWAE27OYYYL5SPFUBHTY/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W56PP46JVZEKCANBKXFKRVSBBRRMCY6V/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGQKWD6SE75PFBPFVSZYAKAVXKBZXKWS/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20220923-0005/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
RHSA-2022_6042
Vulnerability from csaf_redhat - Published: 2022-08-10 11:39 - Updated: 2024-12-17 22:00
A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly fails to reject the header as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the golang standard library, go/parser. When any of the Parse functions is called on Go source code that contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in CORS Filter feature from the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data on behalf of users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64 | — |
Vendor Fix
fix
|
A denial of service flaw was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in versions below 1.11.1, resulting in a loss of availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64 | — |
Vendor Fix
fix
|
A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64 | — |
Vendor Fix
fix
|
A stack overflow flaw was found in Golang's regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in golang encoding/xml. When Decoder.Skip is called while parsing a deeply nested XML document, a panic can occur due to stack exhaustion, which allows an attacker to impact system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64 | — |
Vendor Fix
fix
|
An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scalar input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the crypto/tls golang package. Session tickets generated by crypto/tls are missing the ticket expiration. This issue may allow an attacker who observes TLS handshakes to correlate successive connections during session resumption.
CWE-331 - Insufficient Entropy
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in golang. Calling the Reader.Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic due to stack exhaustion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic due to stack exhaustion. This can allow an attacker to impact availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in golang. When calling Decoder.Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion, allowing an attacker to impact system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Release of OpenShift Serverless Client kn 1.24.0\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a\ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Serverless Client kn 1.24.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.24.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.\n\nSecurity Fix(es):\n- prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n- go-restful: Authorization Bypass Through User-Controlled Key (CVE-2022-1996)\n- golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n- golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n- golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n- golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n- golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n- golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n- golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n- golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n- golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n- golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)\n- golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n- golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n- golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact; a CVSS\nscore; acknowledgments; and other related information refer to the CVE page(s)\nlisted in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:6042",
"url": "https://access.redhat.com/errata/RHSA-2022:6042"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index",
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index",
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index",
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index",
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index",
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index"
},
{
"category": "external",
"summary": "2045880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
},
{
"category": "external",
"summary": "2064857",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857"
},
{
"category": "external",
"summary": "2077688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
},
{
"category": "external",
"summary": "2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "2094982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094982"
},
{
"category": "external",
"summary": "2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "2107376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
},
{
"category": "external",
"summary": "2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "external",
"summary": "2108527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108527"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6042.json"
}
],
"title": "Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.24.0",
"tracking": {
"current_release_date": "2024-12-17T22:00:26+00:00",
"generator": {
"date": "2024-12-17T22:00:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2022:6042",
"initial_release_date": "2022-08-10T11:39:17+00:00",
"revision_history": [
{
"date": "2022-08-10T11:39:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-08-10T11:39:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T22:00:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Serverless 1.0",
"product": {
"name": "Red Hat OpenShift Serverless 1.0",
"product_id": "8Base-Openshift-Serverless-1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:serverless:1.0::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Serverless"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-clients-0:1.3.1-4.el8.src",
"product": {
"name": "openshift-serverless-clients-0:1.3.1-4.el8.src",
"product_id": "openshift-serverless-clients-0:1.3.1-4.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-serverless-clients@1.3.1-4.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-clients-0:1.3.1-4.el8.x86_64",
"product": {
"name": "openshift-serverless-clients-0:1.3.1-4.el8.x86_64",
"product_id": "openshift-serverless-clients-0:1.3.1-4.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-serverless-clients@1.3.1-4.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"product": {
"name": "openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"product_id": "openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-serverless-clients@1.3.1-4.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"product": {
"name": "openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"product_id": "openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-serverless-clients@1.3.1-4.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-clients-0:1.3.1-4.el8.ppc64le as a component of Red Hat OpenShift Serverless 1.0",
"product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le"
},
"product_reference": "openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"relates_to_product_reference": "8Base-Openshift-Serverless-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-clients-0:1.3.1-4.el8.s390x as a component of Red Hat OpenShift Serverless 1.0",
"product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x"
},
"product_reference": "openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"relates_to_product_reference": "8Base-Openshift-Serverless-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-clients-0:1.3.1-4.el8.src as a component of Red Hat OpenShift Serverless 1.0",
"product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src"
},
"product_reference": "openshift-serverless-clients-0:1.3.1-4.el8.src",
"relates_to_product_reference": "8Base-Openshift-Serverless-1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-clients-0:1.3.1-4.el8.x86_64 as a component of Red Hat OpenShift Serverless 1.0",
"product_id": "8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
},
"product_reference": "openshift-serverless-clients-0:1.3.1-4.el8.x86_64",
"relates_to_product_reference": "8Base-Openshift-Serverless-1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1705",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107374"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly fails to reject the header as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: improper sanitization of Transfer-Encoding header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1705"
},
{
"category": "external",
"summary": "RHBZ#2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
},
{
"category": "external",
"summary": "https://go.dev/issue/53188",
"url": "https://go.dev/issue/53188"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-10T11:39:17+00:00",
"details": "See the Red Hat OpenShift Container Platform 4.6 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.9 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.10 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index",
"product_ids": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: improper sanitization of Transfer-Encoding header"
},
{
"cve": "CVE-2022-1962",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, go/parser. When calling any of the Parse functions on Go source code that contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: go/parser: stack exhaustion in all Parse* functions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1962"
},
{
"category": "external",
"summary": "RHBZ#2107376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962"
},
{
"category": "external",
"summary": "https://go.dev/issue/53616",
"url": "https://go.dev/issue/53616"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-10T11:39:17+00:00",
"details": "See the Red Hat OpenShift Container Platform 4.6 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.9 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.10 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index",
"product_ids": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: go/parser: stack exhaustion in all Parse* functions"
},
{
"cve": "CVE-2022-1996",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2022-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2094982"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the CORS Filter feature of the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data on behalf of users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-restful: Authorization Bypass Through User-Controlled Key",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The go-restful package is a transitive dependency which is being pulled with k8s.io/api and not directly being used anywhere in OpenShift Container Platform (OCP), OpenShift Container Storage, OpenShift Data Foundation, OpenShift Do and OpenShift Pipelines, hence these components are marked as \u0027Will not fix\u0027 or even \"Not affected\".",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1996"
},
{
"category": "external",
"summary": "RHBZ#2094982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094982"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1996"
}
],
"release_date": "2022-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-10T11:39:17+00:00",
"details": "See the Red Hat OpenShift Container Platform 4.6 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.9 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.10 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index",
"product_ids": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "go-restful: Authorization Bypass Through User-Controlled Key"
},
{
"cve": "CVE-2022-21698",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2022-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2045880"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in versions below 1.11.1, resulting in a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream\u0027s (the Prometheus project) impact rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21698"
},
{
"category": "external",
"summary": "RHBZ#2045880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698"
},
{
"category": "external",
"summary": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p",
"url": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-10T11:39:17+00:00",
"details": "See the Red Hat OpenShift Container Platform 4.6 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.9 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.10 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index",
"product_ids": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter"
},
{
"cve": "CVE-2022-24675",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077688"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/pem: fix stack overflow in Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24675"
},
{
"category": "external",
"summary": "RHBZ#2077688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-10T11:39:17+00:00",
"details": "See the Red Hat OpenShift Container Platform 4.6 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.9 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.10 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index",
"product_ids": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/pem: fix stack overflow in Decode"
},
{
"cve": "CVE-2022-24921",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064857"
}
],
"notes": [
{
"category": "description",
"text": "A stack overflow flaw was found in Golang\u0027s regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp: stack exhaustion via a deeply nested expression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been rated as a Moderate impact flaw because the exploitation of this flaw requires that an affected application accept arbitrarily long regexps from untrusted sources, which has inherent risks (even without this flaw), especially involving impacts to application availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24921"
},
{
"category": "external",
"summary": "RHBZ#2064857",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk",
"url": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk"
}
],
"release_date": "2022-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-10T11:39:17+00:00",
"details": "See the Red Hat OpenShift Container Platform 4.6 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.9 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.10 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index",
"product_ids": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp: stack exhaustion via a deeply nested expression"
},
{
"cve": "CVE-2022-28131",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Decoder.Skip",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28131"
},
{
"category": "external",
"summary": "RHBZ#2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131"
},
{
"category": "external",
"summary": "https://go.dev/issue/53614",
"url": "https://go.dev/issue/53614"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-10T11:39:17+00:00",
"details": "See the Red Hat OpenShift Container Platform 4.6 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.9 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.10 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index",
"product_ids": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: stack exhaustion in Decoder.Skip"
},
{
"cve": "CVE-2022-28327",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077689"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow flaw was found in Golang\u0027s crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: panic caused by oversized scalar",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28327"
},
{
"category": "external",
"summary": "RHBZ#2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-10T11:39:17+00:00",
"details": "See the Red Hat OpenShift Container Platform 4.6 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.9 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.10 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index",
"product_ids": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: panic caused by oversized scalar"
},
{
"cve": "CVE-2022-30629",
"cwe": {
"id": "CWE-331",
"name": "Insufficient Entropy"
},
"discovery_date": "2022-06-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2092793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: session tickets lack random ticket_age_add",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30629"
},
{
"category": "external",
"summary": "RHBZ#2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
"url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
}
],
"release_date": "2022-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-10T11:39:17+00:00",
"details": "See the Red Hat OpenShift Container Platform 4.6 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.9 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.10 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index",
"product_ids": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/tls: session tickets lack random ticket_age_add"
},
{
"cve": "CVE-2022-30630",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107371"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: io/fs: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30630"
},
{
"category": "external",
"summary": "RHBZ#2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
},
{
"category": "external",
"summary": "https://go.dev/issue/53415",
"url": "https://go.dev/issue/53415"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-10T11:39:17+00:00",
"details": "See the Red Hat OpenShift Container Platform 4.6 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.9 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.10 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index",
"product_ids": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: io/fs: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30631",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: compress/gzip: stack exhaustion in Reader.Read",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30631"
},
{
"category": "external",
"summary": "RHBZ#2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
},
{
"category": "external",
"summary": "https://go.dev/issue/53168",
"url": "https://go.dev/issue/53168"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-10T11:39:17+00:00",
"details": "See the Red Hat OpenShift Container Platform 4.6 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.9 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.10 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index",
"product_ids": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: compress/gzip: stack exhaustion in Reader.Read"
},
{
"cve": "CVE-2022-30632",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic due to stack exhaustion. This can allow an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: path/filepath: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30632"
},
{
"category": "external",
"summary": "RHBZ#2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
},
{
"category": "external",
"summary": "https://go.dev/issue/53416",
"url": "https://go.dev/issue/53416"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-10T11:39:17+00:00",
"details": "See the Red Hat OpenShift Container Platform 4.6 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.9 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.10 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index",
"product_ids": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: path/filepath: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30633",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Unmarshal",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30633"
},
{
"category": "external",
"summary": "RHBZ#2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633"
},
{
"category": "external",
"summary": "https://go.dev/issue/53611",
"url": "https://go.dev/issue/53611"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-10T11:39:17+00:00",
"details": "See the Red Hat OpenShift Container Platform 4.6 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.9 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.10 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index",
"product_ids": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: stack exhaustion in Unmarshal"
},
{
"cve": "CVE-2022-30635",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. When calling Decoder.Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion, which allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/gob: stack exhaustion in Decoder.Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Starting with the 4.10 stream, OpenShift Container Platform (OCP) is already compiled with the patched version of Go and is therefore not affected by this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30635"
},
{
"category": "external",
"summary": "RHBZ#2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635"
},
{
"category": "external",
"summary": "https://go.dev/issue/53615",
"url": "https://go.dev/issue/53615"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-10T11:39:17+00:00",
"details": "See the Red Hat OpenShift Container Platform 4.6 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.9 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.10 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index",
"product_ids": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/gob: stack exhaustion in Decoder.Decode"
},
{
"cve": "CVE-2022-32148",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32148"
},
{
"category": "external",
"summary": "RHBZ#2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148"
},
{
"category": "external",
"summary": "https://go.dev/issue/53423",
"url": "https://go.dev/issue/53423"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-08-10T11:39:17+00:00",
"details": "See the Red Hat OpenShift Container Platform 4.6 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.7 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.8 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.9 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index\nSee the Red Hat OpenShift Container Platform 4.10 documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index",
"product_ids": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.ppc64le",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.s390x",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.src",
"8Base-Openshift-Serverless-1:openshift-serverless-clients-0:1.3.1-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working"
}
]
}
RHSA-2022_6351
Vulnerability from csaf_redhat - Published: 2022-09-06 14:00 - Updated: 2024-11-25 08:02
An arbitrary file read vulnerability was found in the KubeVirt API. This flaw makes it possible to use the KubeVirt API to provide access to host files (for example, /etc/passwd) in a KubeVirt VM as a disk device that can be written to and read from.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64 | — |
A flaw was found in the CORS Filter feature of the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data on behalf of users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Virtualization release 4.10.5 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 4.10.5 images:\n\nRHEL-8-CNV-4.10\n===============\ncluster-network-addons-operator-container-v4.10.5-1\nkubemacpool-container-v4.10.5-1\nvirt-cdi-importer-container-v4.10.5-1\nhyperconverged-cluster-operator-container-v4.10.5-1\nhostpath-provisioner-operator-container-v4.10.5-1\nvirtio-win-container-v4.10.5-1\nvirt-cdi-cloner-container-v4.10.5-1\nkubevirt-ssp-operator-container-v4.10.5-1\ncnv-containernetworking-plugins-container-v4.10.5-1\nhyperconverged-cluster-webhook-container-v4.10.5-1\nvirt-cdi-apiserver-container-v4.10.5-1\novs-cni-plugin-container-v4.10.5-1\nvirt-cdi-uploadserver-container-v4.10.5-1\nvirt-cdi-uploadproxy-container-v4.10.5-1\nvirt-cdi-controller-container-v4.10.5-1\nkubevirt-template-validator-container-v4.10.5-1\nvirt-cdi-operator-container-v4.10.5-1\nhostpath-provisioner-container-v4.10.5-1\nhostpath-csi-driver-container-v4.10.5-1\nkubernetes-nmstate-handler-container-v4.10.5-1\novs-cni-marker-container-v4.10.5-1\nbridge-marker-container-v4.10.5-1\nnode-maintenance-operator-container-v4.10.5-1\ncnv-must-gather-container-v4.10.5-2\nvirt-controller-container-v4.10.5-3\nvirt-api-container-v4.10.5-3\nvirt-handler-container-v4.10.5-3\nvirt-operator-container-v4.10.5-3\nvirt-artifacts-server-container-v4.10.5-3\nvirt-launcher-container-v4.10.5-3\nlibguestfs-tools-container-v4.10.5-3\nhco-bundle-registry-container-v4.10.5-6\n\nSecurity Fix(es):\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\n* go-restful: Authorization Bypass Through User-Controlled Key (CVE-2022-1996)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:6351",
"url": "https://access.redhat.com/errata/RHSA-2022:6351"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2070366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070366"
},
{
"category": "external",
"summary": "2094982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094982"
},
{
"category": "external",
"summary": "2099324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099324"
},
{
"category": "external",
"summary": "2117872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872"
},
{
"category": "external",
"summary": "2118367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118367"
},
{
"category": "external",
"summary": "2120061",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120061"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6351.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Virtualization 4.10.5 Images security and bug fix update",
"tracking": {
"current_release_date": "2024-11-25T08:02:28+00:00",
"generator": {
"date": "2024-11-25T08:02:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:6351",
"initial_release_date": "2022-09-06T14:00:38+00:00",
"revision_history": [
{
"date": "2022-09-06T14:00:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-09-06T14:00:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-25T08:02:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CNV 4.10 for RHEL 8",
"product": {
"name": "CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:container_native_virtualization:4.10::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64",
"product": {
"name": "container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64",
"product_id": "container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/bridge-marker\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64",
"product": {
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64",
"product_id": "container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64",
"product": {
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64",
"product_id": "container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64",
"product": {
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64",
"product_id": "container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8\u0026tag=v4.10.5-2"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64",
"product": {
"name": "container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64",
"product_id": "container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry\u0026tag=v4.10.5-6"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"product": {
"name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"product_id": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver-rhel8\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"product": {
"name": "container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"product_id": "container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64",
"product": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64",
"product_id": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64",
"product": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64",
"product_id": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64",
"product": {
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64",
"product_id": "container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64",
"product": {
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64",
"product_id": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64",
"product": {
"name": "container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64",
"product_id": "container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubemacpool\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64",
"product": {
"name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64",
"product_id": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubernetes-nmstate-handler-rhel8\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64",
"product_id": "container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64",
"product_id": "container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64",
"product": {
"name": "container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64",
"product_id": "container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64",
"product_identification_helper": {
"purl": "pkg:oci/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools\u0026tag=v4.10.5-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64",
"product": {
"name": "container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64",
"product_id": "container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/node-maintenance-operator\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64",
"product": {
"name": "container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64",
"product_id": "container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64",
"product": {
"name": "container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64",
"product_id": "container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64",
"product": {
"name": "container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64",
"product_id": "container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-api\u0026tag=v4.10.5-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64",
"product": {
"name": "container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64",
"product_id": "container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server\u0026tag=v4.10.5-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64",
"product_id": "container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64",
"product_id": "container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64",
"product_id": "container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64",
"product_id": "container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64",
"product_id": "container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64",
"product_id": "container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64",
"product_id": "container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64",
"product": {
"name": "container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64",
"product_id": "container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-controller\u0026tag=v4.10.5-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64",
"product": {
"name": "container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64",
"product_id": "container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-handler\u0026tag=v4.10.5-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64",
"product": {
"name": "container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64",
"product_id": "container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virtio-win\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64",
"product": {
"name": "container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64",
"product_id": "container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-launcher\u0026tag=v4.10.5-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64",
"product": {
"name": "container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64",
"product_id": "container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-operator\u0026tag=v4.10.5-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64"
},
"product_reference": "container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64"
},
"product_reference": "container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64"
},
"product_reference": "container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64"
},
"product_reference": "container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64"
},
"product_reference": "container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64"
},
"product_reference": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64"
},
"product_reference": "container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64"
},
"product_reference": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64"
},
"product_reference": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64"
},
"product_reference": "container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64"
},
"product_reference": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64"
},
"product_reference": "container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64"
},
"product_reference": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64"
},
"product_reference": "container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64"
},
"product_reference": "container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64"
},
"product_reference": "container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64"
},
"product_reference": "container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64"
},
"product_reference": "container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64"
},
"product_reference": "container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64"
},
"product_reference": "container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64"
},
"product_reference": "container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64"
},
"product_reference": "container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64"
},
"product_reference": "container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64"
},
"product_reference": "container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Oliver Brooks and James Klopchic"
],
"organization": "NCC Group"
}
],
"cve": "CVE-2022-1798",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-08-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2117872"
}
],
"notes": [
{
"category": "description",
"text": "An arbitrary file read vulnerability was found in the KubeVirt API. This flaw makes it possible to use the KubeVirt API to provide access to host files (for example, /etc/passwd) in a KubeVirt VM as a disk device that can be written to and read from.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64"
],
"known_not_affected": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1798"
},
{
"category": "external",
"summary": "RHBZ#2117872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1798",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798"
},
{
"category": "external",
"summary": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm",
"url": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm"
}
],
"release_date": "2022-08-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-06T14:00:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6351"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs"
},
{
"cve": "CVE-2022-1996",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2022-06-08T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2094982"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CORS Filter feature from the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data on behalf of users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-restful: Authorization Bypass Through User-Controlled Key",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The go-restful package is a transitive dependency which is being pulled with k8s.io/api and not directly being used anywhere in OpenShift Container Platform (OCP), OpenShift Container Storage, OpenShift Data Foundation, OpenShift Do and OpenShift Pipelines, hence these components are marked as \u0027Will not fix\u0027 or even \"Not affected\".",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64"
],
"known_not_affected": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1996"
},
{
"category": "external",
"summary": "RHBZ#2094982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094982"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1996"
}
],
"release_date": "2022-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-06T14:00:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6351"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "go-restful: Authorization Bypass Through User-Controlled Key"
}
]
}
RHSA-2022_8609
Vulnerability from csaf_redhat - Published: 2022-11-22 19:03 - Updated: 2024-11-25 08:02
A flaw was found in the CORS Filter feature from the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data on behalf of users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:d3d5a9547632ce7c84deffb2ef5e6c6728462e24b89ddfc0ad925a762c356820_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:d77bd51acb92723b5ee72a3ea9a171c14294014e1cd793bd4e88cd9e5a4bd2d0_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:25f308ffaafcc1d1216bb90c566713a2873411bd000c9b360cbc9397d0d95a25_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:b46b59a2c62bf467ff7113fbd40abffefdfa73ef1762ed793fc426b1f264167a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:80caea580f582930b274619bda7628d945215a44c727f3097cdf146c03908452_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:05c43b71617165ad3763c85f96e2fcee6a1ba43474972636130365f149eb2273_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:56bde1a5ae607a58c6d01b3ca4068fe3c9c1d9e0e72b2fd0d1279dd686647d4d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:8abb932a507e2db69b68127a290a830878a3542f0b6816efa18ffeee91b189db_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:5cec54c0ff91d6bbc7c6a59a873703c5d05359beb7f2a7933f8125866fd9e0dd_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:23cbe943a4b21b2226b4e8f638b17a45fc306b19f06f1c67a23768abfeca2e87_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4efa6304395bf177335cbc7a2c9d3f56b4ee4a5979591834a9b46281aadae24e_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:95f6b48f3b497ff38ce618b7461d415b8b1c93822dac22635ee72b7189f61489_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:b5b65faeedf99f08ca151552678dde8348292b97cfdfb1d2fef89ef8390c8a12_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:db3d06df3dab3a08dd3c404a61c616ad5b7ab3972109fd9ef72a9acf309cfdb6_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:eb1542e163a1e119457c1468accf8f60a0b5a934d9059728e6059ad4f2b24cf0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:00a5c0e1db2d38bc260c28ea661e12672a87fabdb31fbea44918e7c78fd9385a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:c79fbbe514a1879cc33eaf16225d56fe8d15b14bf2f334c7e82861298b63da85_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:a4368df767657c16b81652b14da5768a03a590e70bc0f694e64e5ef815884443_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:215c25601c8f1249550365048d6eee4a76419b1a5f6e3b8ff9562db7d60753b7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:26ab4f997a9679a0316bb5b3f7fd4336e42737ac221b38500b24cebe07dbf037_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:ae35f9d9c9a31d54e005009f70e9317d3f57fd71cacaa7919e534d6e16bd485a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:37ebc772387b400029c0c15cf564dfb3b9d9478e7354522e6038cb98cd42303e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:7ed7085b8c1266553a0fcc2a52fd03f4139d2929dc05885b3c4b8c2b5809e000_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:a9767ca3a53e0dab656d334cc97e9496f40ab82535bdceec320c5048e6de89c8_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:0e26d1b45c7bf62470d14c01d75d9de349239e8450888017209ca496985457c0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:6e6732ea9720213d635a250c3545e5c9b0a8a3b6943184e9734e0ada7d0a02a2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:59063046badee8e32d93a11a66de46c2a571705947f5227c8e5527c3d35e1f47_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:e75699436dad9bdaa192c4574e9fcab781566d326df66c17146c304f05f361a1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:45e423cc38118b03fd694006b8aa284b4724083d0e1757b1f76420f00696675c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:aa2e77638b4934b2c03a79d1e7eb52463fb9a477ab2a355c45df62abdba2eb04_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:6b3fc523db1aded511e39e8da797d688b925fcc829d85d940b44589698a70ba7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:1eaacff0e54e7b46740868f53e9095ca483785621c36d748730201057e4b44ea_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:e793c66c3bd823c89ca6273aeeb60b09d1213c0c68a68a616657ba17b8116ea7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:b106c2eaea2836dab71d0d0727c4664ec8c6faf3ddc93c6cf696afb22a0821e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:424b4a3bb2dea65e990f1132aeed52683bc6daae1d8cb1e0a11a228a66e2e156_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:8db649e114ccc3aefd1ee74518f3d3d39bbd08160a6208b2a4ff70c61e38b48b_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Virtualization release 4.9.7 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains OpenShift Virtualization 4.9.7 images.\n\nSecurity Fix(es):\n\n* go-restful: Authorization Bypass Through User-Controlled Key (CVE-2022-1996)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:8609",
"url": "https://access.redhat.com/errata/RHSA-2022:8609"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2094982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094982"
},
{
"category": "external",
"summary": "2130218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130218"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8609.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Virtualization 4.9.7 Images security update",
"tracking": {
"current_release_date": "2024-11-25T08:02:35+00:00",
"generator": {
"date": "2024-11-25T08:02:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:8609",
"initial_release_date": "2022-11-22T19:03:41+00:00",
"revision_history": [
{
"date": "2022-11-22T19:03:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-22T19:03:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-25T08:02:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CNV 4.9 for RHEL 8",
"product": {
"name": "CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:container_native_virtualization:4.9::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "container-native-virtualization/bridge-marker@sha256:95f6b48f3b497ff38ce618b7461d415b8b1c93822dac22635ee72b7189f61489_amd64",
"product": {
"name": "container-native-virtualization/bridge-marker@sha256:95f6b48f3b497ff38ce618b7461d415b8b1c93822dac22635ee72b7189f61489_amd64",
"product_id": "container-native-virtualization/bridge-marker@sha256:95f6b48f3b497ff38ce618b7461d415b8b1c93822dac22635ee72b7189f61489_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bridge-marker@sha256:95f6b48f3b497ff38ce618b7461d415b8b1c93822dac22635ee72b7189f61489?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/bridge-marker\u0026tag=v4.9.7-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:d3d5a9547632ce7c84deffb2ef5e6c6728462e24b89ddfc0ad925a762c356820_amd64",
"product": {
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:d3d5a9547632ce7c84deffb2ef5e6c6728462e24b89ddfc0ad925a762c356820_amd64",
"product_id": "container-native-virtualization/cluster-network-addons-operator@sha256:d3d5a9547632ce7c84deffb2ef5e6c6728462e24b89ddfc0ad925a762c356820_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-network-addons-operator@sha256:d3d5a9547632ce7c84deffb2ef5e6c6728462e24b89ddfc0ad925a762c356820?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator\u0026tag=v4.9.7-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:b5b65faeedf99f08ca151552678dde8348292b97cfdfb1d2fef89ef8390c8a12_amd64",
"product": {
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:b5b65faeedf99f08ca151552678dde8348292b97cfdfb1d2fef89ef8390c8a12_amd64",
"product_id": "container-native-virtualization/cnv-containernetworking-plugins@sha256:b5b65faeedf99f08ca151552678dde8348292b97cfdfb1d2fef89ef8390c8a12_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cnv-containernetworking-plugins@sha256:b5b65faeedf99f08ca151552678dde8348292b97cfdfb1d2fef89ef8390c8a12?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins\u0026tag=v4.9.7-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:db3d06df3dab3a08dd3c404a61c616ad5b7ab3972109fd9ef72a9acf309cfdb6_amd64",
"product": {
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:db3d06df3dab3a08dd3c404a61c616ad5b7ab3972109fd9ef72a9acf309cfdb6_amd64",
"product_id": "container-native-virtualization/cnv-must-gather-rhel8@sha256:db3d06df3dab3a08dd3c404a61c616ad5b7ab3972109fd9ef72a9acf309cfdb6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cnv-must-gather-rhel8@sha256:db3d06df3dab3a08dd3c404a61c616ad5b7ab3972109fd9ef72a9acf309cfdb6?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8\u0026tag=v4.9.7-9"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hco-bundle-registry@sha256:eb1542e163a1e119457c1468accf8f60a0b5a934d9059728e6059ad4f2b24cf0_amd64",
"product": {
"name": "container-native-virtualization/hco-bundle-registry@sha256:eb1542e163a1e119457c1468accf8f60a0b5a934d9059728e6059ad4f2b24cf0_amd64",
"product_id": "container-native-virtualization/hco-bundle-registry@sha256:eb1542e163a1e119457c1468accf8f60a0b5a934d9059728e6059ad4f2b24cf0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hco-bundle-registry@sha256:eb1542e163a1e119457c1468accf8f60a0b5a934d9059728e6059ad4f2b24cf0?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry\u0026tag=v4.9.7-50"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:25f308ffaafcc1d1216bb90c566713a2873411bd000c9b360cbc9397d0d95a25_amd64",
"product": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:25f308ffaafcc1d1216bb90c566713a2873411bd000c9b360cbc9397d0d95a25_amd64",
"product_id": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:25f308ffaafcc1d1216bb90c566713a2873411bd000c9b360cbc9397d0d95a25_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-provisioner-rhel8@sha256:25f308ffaafcc1d1216bb90c566713a2873411bd000c9b360cbc9397d0d95a25?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8\u0026tag=v4.9.7-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:d77bd51acb92723b5ee72a3ea9a171c14294014e1cd793bd4e88cd9e5a4bd2d0_amd64",
"product": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:d77bd51acb92723b5ee72a3ea9a171c14294014e1cd793bd4e88cd9e5a4bd2d0_amd64",
"product_id": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:d77bd51acb92723b5ee72a3ea9a171c14294014e1cd793bd4e88cd9e5a4bd2d0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:d77bd51acb92723b5ee72a3ea9a171c14294014e1cd793bd4e88cd9e5a4bd2d0?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator\u0026tag=v4.9.7-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:00a5c0e1db2d38bc260c28ea661e12672a87fabdb31fbea44918e7c78fd9385a_amd64",
"product": {
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:00a5c0e1db2d38bc260c28ea661e12672a87fabdb31fbea44918e7c78fd9385a_amd64",
"product_id": "container-native-virtualization/hyperconverged-cluster-operator@sha256:00a5c0e1db2d38bc260c28ea661e12672a87fabdb31fbea44918e7c78fd9385a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hyperconverged-cluster-operator@sha256:00a5c0e1db2d38bc260c28ea661e12672a87fabdb31fbea44918e7c78fd9385a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator\u0026tag=v4.9.7-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:b46b59a2c62bf467ff7113fbd40abffefdfa73ef1762ed793fc426b1f264167a_amd64",
"product": {
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:b46b59a2c62bf467ff7113fbd40abffefdfa73ef1762ed793fc426b1f264167a_amd64",
"product_id": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:b46b59a2c62bf467ff7113fbd40abffefdfa73ef1762ed793fc426b1f264167a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:b46b59a2c62bf467ff7113fbd40abffefdfa73ef1762ed793fc426b1f264167a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8\u0026tag=v4.9.7-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubemacpool@sha256:80caea580f582930b274619bda7628d945215a44c727f3097cdf146c03908452_amd64",
"product": {
"name": "container-native-virtualization/kubemacpool@sha256:80caea580f582930b274619bda7628d945215a44c727f3097cdf146c03908452_amd64",
"product_id": "container-native-virtualization/kubemacpool@sha256:80caea580f582930b274619bda7628d945215a44c727f3097cdf146c03908452_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubemacpool@sha256:80caea580f582930b274619bda7628d945215a44c727f3097cdf146c03908452?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubemacpool\u0026tag=v4.9.7-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:c79fbbe514a1879cc33eaf16225d56fe8d15b14bf2f334c7e82861298b63da85_amd64",
"product": {
"name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:c79fbbe514a1879cc33eaf16225d56fe8d15b14bf2f334c7e82861298b63da85_amd64",
"product_id": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:c79fbbe514a1879cc33eaf16225d56fe8d15b14bf2f334c7e82861298b63da85_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubernetes-nmstate-handler-rhel8@sha256:c79fbbe514a1879cc33eaf16225d56fe8d15b14bf2f334c7e82861298b63da85?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubernetes-nmstate-handler-rhel8\u0026tag=v4.9.7-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:05c43b71617165ad3763c85f96e2fcee6a1ba43474972636130365f149eb2273_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:05c43b71617165ad3763c85f96e2fcee6a1ba43474972636130365f149eb2273_amd64",
"product_id": "container-native-virtualization/kubevirt-ssp-operator@sha256:05c43b71617165ad3763c85f96e2fcee6a1ba43474972636130365f149eb2273_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-ssp-operator@sha256:05c43b71617165ad3763c85f96e2fcee6a1ba43474972636130365f149eb2273?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator\u0026tag=v4.9.7-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-template-validator@sha256:a4368df767657c16b81652b14da5768a03a590e70bc0f694e64e5ef815884443_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-template-validator@sha256:a4368df767657c16b81652b14da5768a03a590e70bc0f694e64e5ef815884443_amd64",
"product_id": "container-native-virtualization/kubevirt-template-validator@sha256:a4368df767657c16b81652b14da5768a03a590e70bc0f694e64e5ef815884443_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-template-validator@sha256:a4368df767657c16b81652b14da5768a03a590e70bc0f694e64e5ef815884443?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator\u0026tag=v4.9.7-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-v2v-conversion@sha256:215c25601c8f1249550365048d6eee4a76419b1a5f6e3b8ff9562db7d60753b7_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-v2v-conversion@sha256:215c25601c8f1249550365048d6eee4a76419b1a5f6e3b8ff9562db7d60753b7_amd64",
"product_id": "container-native-virtualization/kubevirt-v2v-conversion@sha256:215c25601c8f1249550365048d6eee4a76419b1a5f6e3b8ff9562db7d60753b7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-v2v-conversion@sha256:215c25601c8f1249550365048d6eee4a76419b1a5f6e3b8ff9562db7d60753b7?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-v2v-conversion\u0026tag=v4.9.7-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-vmware@sha256:56bde1a5ae607a58c6d01b3ca4068fe3c9c1d9e0e72b2fd0d1279dd686647d4d_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-vmware@sha256:56bde1a5ae607a58c6d01b3ca4068fe3c9c1d9e0e72b2fd0d1279dd686647d4d_amd64",
"product_id": "container-native-virtualization/kubevirt-vmware@sha256:56bde1a5ae607a58c6d01b3ca4068fe3c9c1d9e0e72b2fd0d1279dd686647d4d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-vmware@sha256:56bde1a5ae607a58c6d01b3ca4068fe3c9c1d9e0e72b2fd0d1279dd686647d4d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-vmware\u0026tag=v4.9.7-2"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/libguestfs-tools@sha256:8abb932a507e2db69b68127a290a830878a3542f0b6816efa18ffeee91b189db_amd64",
"product": {
"name": "container-native-virtualization/libguestfs-tools@sha256:8abb932a507e2db69b68127a290a830878a3542f0b6816efa18ffeee91b189db_amd64",
"product_id": "container-native-virtualization/libguestfs-tools@sha256:8abb932a507e2db69b68127a290a830878a3542f0b6816efa18ffeee91b189db_amd64",
"product_identification_helper": {
"purl": "pkg:oci/libguestfs-tools@sha256:8abb932a507e2db69b68127a290a830878a3542f0b6816efa18ffeee91b189db?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools\u0026tag=v4.9.7-5"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/node-maintenance-operator@sha256:5cec54c0ff91d6bbc7c6a59a873703c5d05359beb7f2a7933f8125866fd9e0dd_amd64",
"product": {
"name": "container-native-virtualization/node-maintenance-operator@sha256:5cec54c0ff91d6bbc7c6a59a873703c5d05359beb7f2a7933f8125866fd9e0dd_amd64",
"product_id": "container-native-virtualization/node-maintenance-operator@sha256:5cec54c0ff91d6bbc7c6a59a873703c5d05359beb7f2a7933f8125866fd9e0dd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/node-maintenance-operator@sha256:5cec54c0ff91d6bbc7c6a59a873703c5d05359beb7f2a7933f8125866fd9e0dd?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/node-maintenance-operator\u0026tag=v4.9.7-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/ovs-cni-marker@sha256:26ab4f997a9679a0316bb5b3f7fd4336e42737ac221b38500b24cebe07dbf037_amd64",
"product": {
"name": "container-native-virtualization/ovs-cni-marker@sha256:26ab4f997a9679a0316bb5b3f7fd4336e42737ac221b38500b24cebe07dbf037_amd64",
"product_id": "container-native-virtualization/ovs-cni-marker@sha256:26ab4f997a9679a0316bb5b3f7fd4336e42737ac221b38500b24cebe07dbf037_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ovs-cni-marker@sha256:26ab4f997a9679a0316bb5b3f7fd4336e42737ac221b38500b24cebe07dbf037?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker\u0026tag=v4.9.7-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/ovs-cni-plugin@sha256:ae35f9d9c9a31d54e005009f70e9317d3f57fd71cacaa7919e534d6e16bd485a_amd64",
"product": {
"name": "container-native-virtualization/ovs-cni-plugin@sha256:ae35f9d9c9a31d54e005009f70e9317d3f57fd71cacaa7919e534d6e16bd485a_amd64",
"product_id": "container-native-virtualization/ovs-cni-plugin@sha256:ae35f9d9c9a31d54e005009f70e9317d3f57fd71cacaa7919e534d6e16bd485a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ovs-cni-plugin@sha256:ae35f9d9c9a31d54e005009f70e9317d3f57fd71cacaa7919e534d6e16bd485a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin\u0026tag=v4.9.7-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-api@sha256:37ebc772387b400029c0c15cf564dfb3b9d9478e7354522e6038cb98cd42303e_amd64",
"product": {
"name": "container-native-virtualization/virt-api@sha256:37ebc772387b400029c0c15cf564dfb3b9d9478e7354522e6038cb98cd42303e_amd64",
"product_id": "container-native-virtualization/virt-api@sha256:37ebc772387b400029c0c15cf564dfb3b9d9478e7354522e6038cb98cd42303e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-api@sha256:37ebc772387b400029c0c15cf564dfb3b9d9478e7354522e6038cb98cd42303e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-api\u0026tag=v4.9.7-5"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-artifacts-server@sha256:7ed7085b8c1266553a0fcc2a52fd03f4139d2929dc05885b3c4b8c2b5809e000_amd64",
"product": {
"name": "container-native-virtualization/virt-artifacts-server@sha256:7ed7085b8c1266553a0fcc2a52fd03f4139d2929dc05885b3c4b8c2b5809e000_amd64",
"product_id": "container-native-virtualization/virt-artifacts-server@sha256:7ed7085b8c1266553a0fcc2a52fd03f4139d2929dc05885b3c4b8c2b5809e000_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-artifacts-server@sha256:7ed7085b8c1266553a0fcc2a52fd03f4139d2929dc05885b3c4b8c2b5809e000?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server\u0026tag=v4.9.7-5"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:a9767ca3a53e0dab656d334cc97e9496f40ab82535bdceec320c5048e6de89c8_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:a9767ca3a53e0dab656d334cc97e9496f40ab82535bdceec320c5048e6de89c8_amd64",
"product_id": "container-native-virtualization/virt-cdi-apiserver@sha256:a9767ca3a53e0dab656d334cc97e9496f40ab82535bdceec320c5048e6de89c8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-apiserver@sha256:a9767ca3a53e0dab656d334cc97e9496f40ab82535bdceec320c5048e6de89c8?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver\u0026tag=v4.9.7-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-cloner@sha256:23cbe943a4b21b2226b4e8f638b17a45fc306b19f06f1c67a23768abfeca2e87_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-cloner@sha256:23cbe943a4b21b2226b4e8f638b17a45fc306b19f06f1c67a23768abfeca2e87_amd64",
"product_id": "container-native-virtualization/virt-cdi-cloner@sha256:23cbe943a4b21b2226b4e8f638b17a45fc306b19f06f1c67a23768abfeca2e87_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-cloner@sha256:23cbe943a4b21b2226b4e8f638b17a45fc306b19f06f1c67a23768abfeca2e87?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner\u0026tag=v4.9.7-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-controller@sha256:0e26d1b45c7bf62470d14c01d75d9de349239e8450888017209ca496985457c0_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-controller@sha256:0e26d1b45c7bf62470d14c01d75d9de349239e8450888017209ca496985457c0_amd64",
"product_id": "container-native-virtualization/virt-cdi-controller@sha256:0e26d1b45c7bf62470d14c01d75d9de349239e8450888017209ca496985457c0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-controller@sha256:0e26d1b45c7bf62470d14c01d75d9de349239e8450888017209ca496985457c0?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller\u0026tag=v4.9.7-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-importer@sha256:6e6732ea9720213d635a250c3545e5c9b0a8a3b6943184e9734e0ada7d0a02a2_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-importer@sha256:6e6732ea9720213d635a250c3545e5c9b0a8a3b6943184e9734e0ada7d0a02a2_amd64",
"product_id": "container-native-virtualization/virt-cdi-importer@sha256:6e6732ea9720213d635a250c3545e5c9b0a8a3b6943184e9734e0ada7d0a02a2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-importer@sha256:6e6732ea9720213d635a250c3545e5c9b0a8a3b6943184e9734e0ada7d0a02a2?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer\u0026tag=v4.9.7-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-operator@sha256:59063046badee8e32d93a11a66de46c2a571705947f5227c8e5527c3d35e1f47_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-operator@sha256:59063046badee8e32d93a11a66de46c2a571705947f5227c8e5527c3d35e1f47_amd64",
"product_id": "container-native-virtualization/virt-cdi-operator@sha256:59063046badee8e32d93a11a66de46c2a571705947f5227c8e5527c3d35e1f47_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-operator@sha256:59063046badee8e32d93a11a66de46c2a571705947f5227c8e5527c3d35e1f47?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator\u0026tag=v4.9.7-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:e75699436dad9bdaa192c4574e9fcab781566d326df66c17146c304f05f361a1_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:e75699436dad9bdaa192c4574e9fcab781566d326df66c17146c304f05f361a1_amd64",
"product_id": "container-native-virtualization/virt-cdi-uploadproxy@sha256:e75699436dad9bdaa192c4574e9fcab781566d326df66c17146c304f05f361a1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-uploadproxy@sha256:e75699436dad9bdaa192c4574e9fcab781566d326df66c17146c304f05f361a1?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy\u0026tag=v4.9.7-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:45e423cc38118b03fd694006b8aa284b4724083d0e1757b1f76420f00696675c_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:45e423cc38118b03fd694006b8aa284b4724083d0e1757b1f76420f00696675c_amd64",
"product_id": "container-native-virtualization/virt-cdi-uploadserver@sha256:45e423cc38118b03fd694006b8aa284b4724083d0e1757b1f76420f00696675c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-uploadserver@sha256:45e423cc38118b03fd694006b8aa284b4724083d0e1757b1f76420f00696675c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver\u0026tag=v4.9.7-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-controller@sha256:aa2e77638b4934b2c03a79d1e7eb52463fb9a477ab2a355c45df62abdba2eb04_amd64",
"product": {
"name": "container-native-virtualization/virt-controller@sha256:aa2e77638b4934b2c03a79d1e7eb52463fb9a477ab2a355c45df62abdba2eb04_amd64",
"product_id": "container-native-virtualization/virt-controller@sha256:aa2e77638b4934b2c03a79d1e7eb52463fb9a477ab2a355c45df62abdba2eb04_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-controller@sha256:aa2e77638b4934b2c03a79d1e7eb52463fb9a477ab2a355c45df62abdba2eb04?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-controller\u0026tag=v4.9.7-5"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-handler@sha256:6b3fc523db1aded511e39e8da797d688b925fcc829d85d940b44589698a70ba7_amd64",
"product": {
"name": "container-native-virtualization/virt-handler@sha256:6b3fc523db1aded511e39e8da797d688b925fcc829d85d940b44589698a70ba7_amd64",
"product_id": "container-native-virtualization/virt-handler@sha256:6b3fc523db1aded511e39e8da797d688b925fcc829d85d940b44589698a70ba7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-handler@sha256:6b3fc523db1aded511e39e8da797d688b925fcc829d85d940b44589698a70ba7?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-handler\u0026tag=v4.9.7-5"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virtio-win@sha256:b106c2eaea2836dab71d0d0727c4664ec8c6faf3ddc93c6cf696afb22a0821e9_amd64",
"product": {
"name": "container-native-virtualization/virtio-win@sha256:b106c2eaea2836dab71d0d0727c4664ec8c6faf3ddc93c6cf696afb22a0821e9_amd64",
"product_id": "container-native-virtualization/virtio-win@sha256:b106c2eaea2836dab71d0d0727c4664ec8c6faf3ddc93c6cf696afb22a0821e9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virtio-win@sha256:b106c2eaea2836dab71d0d0727c4664ec8c6faf3ddc93c6cf696afb22a0821e9?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virtio-win\u0026tag=v4.9.7-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-launcher@sha256:1eaacff0e54e7b46740868f53e9095ca483785621c36d748730201057e4b44ea_amd64",
"product": {
"name": "container-native-virtualization/virt-launcher@sha256:1eaacff0e54e7b46740868f53e9095ca483785621c36d748730201057e4b44ea_amd64",
"product_id": "container-native-virtualization/virt-launcher@sha256:1eaacff0e54e7b46740868f53e9095ca483785621c36d748730201057e4b44ea_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-launcher@sha256:1eaacff0e54e7b46740868f53e9095ca483785621c36d748730201057e4b44ea?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-launcher\u0026tag=v4.9.7-5"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-operator@sha256:e793c66c3bd823c89ca6273aeeb60b09d1213c0c68a68a616657ba17b8116ea7_amd64",
"product": {
"name": "container-native-virtualization/virt-operator@sha256:e793c66c3bd823c89ca6273aeeb60b09d1213c0c68a68a616657ba17b8116ea7_amd64",
"product_id": "container-native-virtualization/virt-operator@sha256:e793c66c3bd823c89ca6273aeeb60b09d1213c0c68a68a616657ba17b8116ea7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-operator@sha256:e793c66c3bd823c89ca6273aeeb60b09d1213c0c68a68a616657ba17b8116ea7?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-operator\u0026tag=v4.9.7-5"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/vm-import-controller-rhel8@sha256:424b4a3bb2dea65e990f1132aeed52683bc6daae1d8cb1e0a11a228a66e2e156_amd64",
"product": {
"name": "container-native-virtualization/vm-import-controller-rhel8@sha256:424b4a3bb2dea65e990f1132aeed52683bc6daae1d8cb1e0a11a228a66e2e156_amd64",
"product_id": "container-native-virtualization/vm-import-controller-rhel8@sha256:424b4a3bb2dea65e990f1132aeed52683bc6daae1d8cb1e0a11a228a66e2e156_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vm-import-controller-rhel8@sha256:424b4a3bb2dea65e990f1132aeed52683bc6daae1d8cb1e0a11a228a66e2e156?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-controller-rhel8\u0026tag=v4.9.7-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/vm-import-operator-rhel8@sha256:8db649e114ccc3aefd1ee74518f3d3d39bbd08160a6208b2a4ff70c61e38b48b_amd64",
"product": {
"name": "container-native-virtualization/vm-import-operator-rhel8@sha256:8db649e114ccc3aefd1ee74518f3d3d39bbd08160a6208b2a4ff70c61e38b48b_amd64",
"product_id": "container-native-virtualization/vm-import-operator-rhel8@sha256:8db649e114ccc3aefd1ee74518f3d3d39bbd08160a6208b2a4ff70c61e38b48b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vm-import-operator-rhel8@sha256:8db649e114ccc3aefd1ee74518f3d3d39bbd08160a6208b2a4ff70c61e38b48b?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-operator-rhel8\u0026tag=v4.9.7-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4efa6304395bf177335cbc7a2c9d3f56b4ee4a5979591834a9b46281aadae24e_amd64",
"product": {
"name": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4efa6304395bf177335cbc7a2c9d3f56b4ee4a5979591834a9b46281aadae24e_amd64",
"product_id": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4efa6304395bf177335cbc7a2c9d3f56b4ee4a5979591834a9b46281aadae24e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vm-import-virtv2v-rhel8@sha256:4efa6304395bf177335cbc7a2c9d3f56b4ee4a5979591834a9b46281aadae24e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-virtv2v-rhel8\u0026tag=v4.9.7-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/bridge-marker@sha256:95f6b48f3b497ff38ce618b7461d415b8b1c93822dac22635ee72b7189f61489_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:95f6b48f3b497ff38ce618b7461d415b8b1c93822dac22635ee72b7189f61489_amd64"
},
"product_reference": "container-native-virtualization/bridge-marker@sha256:95f6b48f3b497ff38ce618b7461d415b8b1c93822dac22635ee72b7189f61489_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:d3d5a9547632ce7c84deffb2ef5e6c6728462e24b89ddfc0ad925a762c356820_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:d3d5a9547632ce7c84deffb2ef5e6c6728462e24b89ddfc0ad925a762c356820_amd64"
},
"product_reference": "container-native-virtualization/cluster-network-addons-operator@sha256:d3d5a9547632ce7c84deffb2ef5e6c6728462e24b89ddfc0ad925a762c356820_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:b5b65faeedf99f08ca151552678dde8348292b97cfdfb1d2fef89ef8390c8a12_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:b5b65faeedf99f08ca151552678dde8348292b97cfdfb1d2fef89ef8390c8a12_amd64"
},
"product_reference": "container-native-virtualization/cnv-containernetworking-plugins@sha256:b5b65faeedf99f08ca151552678dde8348292b97cfdfb1d2fef89ef8390c8a12_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:db3d06df3dab3a08dd3c404a61c616ad5b7ab3972109fd9ef72a9acf309cfdb6_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:db3d06df3dab3a08dd3c404a61c616ad5b7ab3972109fd9ef72a9acf309cfdb6_amd64"
},
"product_reference": "container-native-virtualization/cnv-must-gather-rhel8@sha256:db3d06df3dab3a08dd3c404a61c616ad5b7ab3972109fd9ef72a9acf309cfdb6_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hco-bundle-registry@sha256:eb1542e163a1e119457c1468accf8f60a0b5a934d9059728e6059ad4f2b24cf0_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:eb1542e163a1e119457c1468accf8f60a0b5a934d9059728e6059ad4f2b24cf0_amd64"
},
"product_reference": "container-native-virtualization/hco-bundle-registry@sha256:eb1542e163a1e119457c1468accf8f60a0b5a934d9059728e6059ad4f2b24cf0_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:d77bd51acb92723b5ee72a3ea9a171c14294014e1cd793bd4e88cd9e5a4bd2d0_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:d77bd51acb92723b5ee72a3ea9a171c14294014e1cd793bd4e88cd9e5a4bd2d0_amd64"
},
"product_reference": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:d77bd51acb92723b5ee72a3ea9a171c14294014e1cd793bd4e88cd9e5a4bd2d0_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:25f308ffaafcc1d1216bb90c566713a2873411bd000c9b360cbc9397d0d95a25_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:25f308ffaafcc1d1216bb90c566713a2873411bd000c9b360cbc9397d0d95a25_amd64"
},
"product_reference": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:25f308ffaafcc1d1216bb90c566713a2873411bd000c9b360cbc9397d0d95a25_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:00a5c0e1db2d38bc260c28ea661e12672a87fabdb31fbea44918e7c78fd9385a_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:00a5c0e1db2d38bc260c28ea661e12672a87fabdb31fbea44918e7c78fd9385a_amd64"
},
"product_reference": "container-native-virtualization/hyperconverged-cluster-operator@sha256:00a5c0e1db2d38bc260c28ea661e12672a87fabdb31fbea44918e7c78fd9385a_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:b46b59a2c62bf467ff7113fbd40abffefdfa73ef1762ed793fc426b1f264167a_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:b46b59a2c62bf467ff7113fbd40abffefdfa73ef1762ed793fc426b1f264167a_amd64"
},
"product_reference": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:b46b59a2c62bf467ff7113fbd40abffefdfa73ef1762ed793fc426b1f264167a_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubemacpool@sha256:80caea580f582930b274619bda7628d945215a44c727f3097cdf146c03908452_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:80caea580f582930b274619bda7628d945215a44c727f3097cdf146c03908452_amd64"
},
"product_reference": "container-native-virtualization/kubemacpool@sha256:80caea580f582930b274619bda7628d945215a44c727f3097cdf146c03908452_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:c79fbbe514a1879cc33eaf16225d56fe8d15b14bf2f334c7e82861298b63da85_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:c79fbbe514a1879cc33eaf16225d56fe8d15b14bf2f334c7e82861298b63da85_amd64"
},
"product_reference": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:c79fbbe514a1879cc33eaf16225d56fe8d15b14bf2f334c7e82861298b63da85_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:05c43b71617165ad3763c85f96e2fcee6a1ba43474972636130365f149eb2273_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:05c43b71617165ad3763c85f96e2fcee6a1ba43474972636130365f149eb2273_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-ssp-operator@sha256:05c43b71617165ad3763c85f96e2fcee6a1ba43474972636130365f149eb2273_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-template-validator@sha256:a4368df767657c16b81652b14da5768a03a590e70bc0f694e64e5ef815884443_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:a4368df767657c16b81652b14da5768a03a590e70bc0f694e64e5ef815884443_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-template-validator@sha256:a4368df767657c16b81652b14da5768a03a590e70bc0f694e64e5ef815884443_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-v2v-conversion@sha256:215c25601c8f1249550365048d6eee4a76419b1a5f6e3b8ff9562db7d60753b7_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:215c25601c8f1249550365048d6eee4a76419b1a5f6e3b8ff9562db7d60753b7_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-v2v-conversion@sha256:215c25601c8f1249550365048d6eee4a76419b1a5f6e3b8ff9562db7d60753b7_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-vmware@sha256:56bde1a5ae607a58c6d01b3ca4068fe3c9c1d9e0e72b2fd0d1279dd686647d4d_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:56bde1a5ae607a58c6d01b3ca4068fe3c9c1d9e0e72b2fd0d1279dd686647d4d_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-vmware@sha256:56bde1a5ae607a58c6d01b3ca4068fe3c9c1d9e0e72b2fd0d1279dd686647d4d_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/libguestfs-tools@sha256:8abb932a507e2db69b68127a290a830878a3542f0b6816efa18ffeee91b189db_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:8abb932a507e2db69b68127a290a830878a3542f0b6816efa18ffeee91b189db_amd64"
},
"product_reference": "container-native-virtualization/libguestfs-tools@sha256:8abb932a507e2db69b68127a290a830878a3542f0b6816efa18ffeee91b189db_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/node-maintenance-operator@sha256:5cec54c0ff91d6bbc7c6a59a873703c5d05359beb7f2a7933f8125866fd9e0dd_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:5cec54c0ff91d6bbc7c6a59a873703c5d05359beb7f2a7933f8125866fd9e0dd_amd64"
},
"product_reference": "container-native-virtualization/node-maintenance-operator@sha256:5cec54c0ff91d6bbc7c6a59a873703c5d05359beb7f2a7933f8125866fd9e0dd_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/ovs-cni-marker@sha256:26ab4f997a9679a0316bb5b3f7fd4336e42737ac221b38500b24cebe07dbf037_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:26ab4f997a9679a0316bb5b3f7fd4336e42737ac221b38500b24cebe07dbf037_amd64"
},
"product_reference": "container-native-virtualization/ovs-cni-marker@sha256:26ab4f997a9679a0316bb5b3f7fd4336e42737ac221b38500b24cebe07dbf037_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/ovs-cni-plugin@sha256:ae35f9d9c9a31d54e005009f70e9317d3f57fd71cacaa7919e534d6e16bd485a_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:ae35f9d9c9a31d54e005009f70e9317d3f57fd71cacaa7919e534d6e16bd485a_amd64"
},
"product_reference": "container-native-virtualization/ovs-cni-plugin@sha256:ae35f9d9c9a31d54e005009f70e9317d3f57fd71cacaa7919e534d6e16bd485a_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-api@sha256:37ebc772387b400029c0c15cf564dfb3b9d9478e7354522e6038cb98cd42303e_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:37ebc772387b400029c0c15cf564dfb3b9d9478e7354522e6038cb98cd42303e_amd64"
},
"product_reference": "container-native-virtualization/virt-api@sha256:37ebc772387b400029c0c15cf564dfb3b9d9478e7354522e6038cb98cd42303e_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-artifacts-server@sha256:7ed7085b8c1266553a0fcc2a52fd03f4139d2929dc05885b3c4b8c2b5809e000_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:7ed7085b8c1266553a0fcc2a52fd03f4139d2929dc05885b3c4b8c2b5809e000_amd64"
},
"product_reference": "container-native-virtualization/virt-artifacts-server@sha256:7ed7085b8c1266553a0fcc2a52fd03f4139d2929dc05885b3c4b8c2b5809e000_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:a9767ca3a53e0dab656d334cc97e9496f40ab82535bdceec320c5048e6de89c8_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:a9767ca3a53e0dab656d334cc97e9496f40ab82535bdceec320c5048e6de89c8_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-apiserver@sha256:a9767ca3a53e0dab656d334cc97e9496f40ab82535bdceec320c5048e6de89c8_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-cloner@sha256:23cbe943a4b21b2226b4e8f638b17a45fc306b19f06f1c67a23768abfeca2e87_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:23cbe943a4b21b2226b4e8f638b17a45fc306b19f06f1c67a23768abfeca2e87_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-cloner@sha256:23cbe943a4b21b2226b4e8f638b17a45fc306b19f06f1c67a23768abfeca2e87_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-controller@sha256:0e26d1b45c7bf62470d14c01d75d9de349239e8450888017209ca496985457c0_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:0e26d1b45c7bf62470d14c01d75d9de349239e8450888017209ca496985457c0_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-controller@sha256:0e26d1b45c7bf62470d14c01d75d9de349239e8450888017209ca496985457c0_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-importer@sha256:6e6732ea9720213d635a250c3545e5c9b0a8a3b6943184e9734e0ada7d0a02a2_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:6e6732ea9720213d635a250c3545e5c9b0a8a3b6943184e9734e0ada7d0a02a2_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-importer@sha256:6e6732ea9720213d635a250c3545e5c9b0a8a3b6943184e9734e0ada7d0a02a2_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-operator@sha256:59063046badee8e32d93a11a66de46c2a571705947f5227c8e5527c3d35e1f47_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:59063046badee8e32d93a11a66de46c2a571705947f5227c8e5527c3d35e1f47_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-operator@sha256:59063046badee8e32d93a11a66de46c2a571705947f5227c8e5527c3d35e1f47_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:e75699436dad9bdaa192c4574e9fcab781566d326df66c17146c304f05f361a1_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:e75699436dad9bdaa192c4574e9fcab781566d326df66c17146c304f05f361a1_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-uploadproxy@sha256:e75699436dad9bdaa192c4574e9fcab781566d326df66c17146c304f05f361a1_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:45e423cc38118b03fd694006b8aa284b4724083d0e1757b1f76420f00696675c_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:45e423cc38118b03fd694006b8aa284b4724083d0e1757b1f76420f00696675c_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-uploadserver@sha256:45e423cc38118b03fd694006b8aa284b4724083d0e1757b1f76420f00696675c_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-controller@sha256:aa2e77638b4934b2c03a79d1e7eb52463fb9a477ab2a355c45df62abdba2eb04_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:aa2e77638b4934b2c03a79d1e7eb52463fb9a477ab2a355c45df62abdba2eb04_amd64"
},
"product_reference": "container-native-virtualization/virt-controller@sha256:aa2e77638b4934b2c03a79d1e7eb52463fb9a477ab2a355c45df62abdba2eb04_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-handler@sha256:6b3fc523db1aded511e39e8da797d688b925fcc829d85d940b44589698a70ba7_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:6b3fc523db1aded511e39e8da797d688b925fcc829d85d940b44589698a70ba7_amd64"
},
"product_reference": "container-native-virtualization/virt-handler@sha256:6b3fc523db1aded511e39e8da797d688b925fcc829d85d940b44589698a70ba7_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-launcher@sha256:1eaacff0e54e7b46740868f53e9095ca483785621c36d748730201057e4b44ea_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:1eaacff0e54e7b46740868f53e9095ca483785621c36d748730201057e4b44ea_amd64"
},
"product_reference": "container-native-virtualization/virt-launcher@sha256:1eaacff0e54e7b46740868f53e9095ca483785621c36d748730201057e4b44ea_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-operator@sha256:e793c66c3bd823c89ca6273aeeb60b09d1213c0c68a68a616657ba17b8116ea7_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:e793c66c3bd823c89ca6273aeeb60b09d1213c0c68a68a616657ba17b8116ea7_amd64"
},
"product_reference": "container-native-virtualization/virt-operator@sha256:e793c66c3bd823c89ca6273aeeb60b09d1213c0c68a68a616657ba17b8116ea7_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virtio-win@sha256:b106c2eaea2836dab71d0d0727c4664ec8c6faf3ddc93c6cf696afb22a0821e9_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:b106c2eaea2836dab71d0d0727c4664ec8c6faf3ddc93c6cf696afb22a0821e9_amd64"
},
"product_reference": "container-native-virtualization/virtio-win@sha256:b106c2eaea2836dab71d0d0727c4664ec8c6faf3ddc93c6cf696afb22a0821e9_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/vm-import-controller-rhel8@sha256:424b4a3bb2dea65e990f1132aeed52683bc6daae1d8cb1e0a11a228a66e2e156_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:424b4a3bb2dea65e990f1132aeed52683bc6daae1d8cb1e0a11a228a66e2e156_amd64"
},
"product_reference": "container-native-virtualization/vm-import-controller-rhel8@sha256:424b4a3bb2dea65e990f1132aeed52683bc6daae1d8cb1e0a11a228a66e2e156_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/vm-import-operator-rhel8@sha256:8db649e114ccc3aefd1ee74518f3d3d39bbd08160a6208b2a4ff70c61e38b48b_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:8db649e114ccc3aefd1ee74518f3d3d39bbd08160a6208b2a4ff70c61e38b48b_amd64"
},
"product_reference": "container-native-virtualization/vm-import-operator-rhel8@sha256:8db649e114ccc3aefd1ee74518f3d3d39bbd08160a6208b2a4ff70c61e38b48b_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4efa6304395bf177335cbc7a2c9d3f56b4ee4a5979591834a9b46281aadae24e_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4efa6304395bf177335cbc7a2c9d3f56b4ee4a5979591834a9b46281aadae24e_amd64"
},
"product_reference": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4efa6304395bf177335cbc7a2c9d3f56b4ee4a5979591834a9b46281aadae24e_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1996",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2022-06-08T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:95f6b48f3b497ff38ce618b7461d415b8b1c93822dac22635ee72b7189f61489_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:b5b65faeedf99f08ca151552678dde8348292b97cfdfb1d2fef89ef8390c8a12_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:db3d06df3dab3a08dd3c404a61c616ad5b7ab3972109fd9ef72a9acf309cfdb6_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:eb1542e163a1e119457c1468accf8f60a0b5a934d9059728e6059ad4f2b24cf0_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:00a5c0e1db2d38bc260c28ea661e12672a87fabdb31fbea44918e7c78fd9385a_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:c79fbbe514a1879cc33eaf16225d56fe8d15b14bf2f334c7e82861298b63da85_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:a4368df767657c16b81652b14da5768a03a590e70bc0f694e64e5ef815884443_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:215c25601c8f1249550365048d6eee4a76419b1a5f6e3b8ff9562db7d60753b7_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:26ab4f997a9679a0316bb5b3f7fd4336e42737ac221b38500b24cebe07dbf037_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:ae35f9d9c9a31d54e005009f70e9317d3f57fd71cacaa7919e534d6e16bd485a_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:37ebc772387b400029c0c15cf564dfb3b9d9478e7354522e6038cb98cd42303e_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:7ed7085b8c1266553a0fcc2a52fd03f4139d2929dc05885b3c4b8c2b5809e000_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:a9767ca3a53e0dab656d334cc97e9496f40ab82535bdceec320c5048e6de89c8_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:0e26d1b45c7bf62470d14c01d75d9de349239e8450888017209ca496985457c0_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:6e6732ea9720213d635a250c3545e5c9b0a8a3b6943184e9734e0ada7d0a02a2_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:59063046badee8e32d93a11a66de46c2a571705947f5227c8e5527c3d35e1f47_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:e75699436dad9bdaa192c4574e9fcab781566d326df66c17146c304f05f361a1_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:45e423cc38118b03fd694006b8aa284b4724083d0e1757b1f76420f00696675c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:aa2e77638b4934b2c03a79d1e7eb52463fb9a477ab2a355c45df62abdba2eb04_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:6b3fc523db1aded511e39e8da797d688b925fcc829d85d940b44589698a70ba7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:1eaacff0e54e7b46740868f53e9095ca483785621c36d748730201057e4b44ea_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:e793c66c3bd823c89ca6273aeeb60b09d1213c0c68a68a616657ba17b8116ea7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:b106c2eaea2836dab71d0d0727c4664ec8c6faf3ddc93c6cf696afb22a0821e9_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:424b4a3bb2dea65e990f1132aeed52683bc6daae1d8cb1e0a11a228a66e2e156_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:8db649e114ccc3aefd1ee74518f3d3d39bbd08160a6208b2a4ff70c61e38b48b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2094982"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CORS Filter feature from the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data on behalf of users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-restful: Authorization Bypass Through User-Controlled Key",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The go-restful package is a transitive dependency which is being pulled with k8s.io/api and not directly being used anywhere in OpenShift Container Platform (OCP), OpenShift Container Storage, OpenShift Data Foundation, OpenShift Do and OpenShift Pipelines, hence these components are marked as \u0027Will not fix\u0027 or even \"Not affected\".",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:d3d5a9547632ce7c84deffb2ef5e6c6728462e24b89ddfc0ad925a762c356820_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:d77bd51acb92723b5ee72a3ea9a171c14294014e1cd793bd4e88cd9e5a4bd2d0_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:25f308ffaafcc1d1216bb90c566713a2873411bd000c9b360cbc9397d0d95a25_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:b46b59a2c62bf467ff7113fbd40abffefdfa73ef1762ed793fc426b1f264167a_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:80caea580f582930b274619bda7628d945215a44c727f3097cdf146c03908452_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:05c43b71617165ad3763c85f96e2fcee6a1ba43474972636130365f149eb2273_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:56bde1a5ae607a58c6d01b3ca4068fe3c9c1d9e0e72b2fd0d1279dd686647d4d_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:8abb932a507e2db69b68127a290a830878a3542f0b6816efa18ffeee91b189db_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:5cec54c0ff91d6bbc7c6a59a873703c5d05359beb7f2a7933f8125866fd9e0dd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:23cbe943a4b21b2226b4e8f638b17a45fc306b19f06f1c67a23768abfeca2e87_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4efa6304395bf177335cbc7a2c9d3f56b4ee4a5979591834a9b46281aadae24e_amd64"
],
"known_not_affected": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:95f6b48f3b497ff38ce618b7461d415b8b1c93822dac22635ee72b7189f61489_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:b5b65faeedf99f08ca151552678dde8348292b97cfdfb1d2fef89ef8390c8a12_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:db3d06df3dab3a08dd3c404a61c616ad5b7ab3972109fd9ef72a9acf309cfdb6_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:eb1542e163a1e119457c1468accf8f60a0b5a934d9059728e6059ad4f2b24cf0_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:00a5c0e1db2d38bc260c28ea661e12672a87fabdb31fbea44918e7c78fd9385a_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:c79fbbe514a1879cc33eaf16225d56fe8d15b14bf2f334c7e82861298b63da85_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:a4368df767657c16b81652b14da5768a03a590e70bc0f694e64e5ef815884443_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:215c25601c8f1249550365048d6eee4a76419b1a5f6e3b8ff9562db7d60753b7_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:26ab4f997a9679a0316bb5b3f7fd4336e42737ac221b38500b24cebe07dbf037_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:ae35f9d9c9a31d54e005009f70e9317d3f57fd71cacaa7919e534d6e16bd485a_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:37ebc772387b400029c0c15cf564dfb3b9d9478e7354522e6038cb98cd42303e_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:7ed7085b8c1266553a0fcc2a52fd03f4139d2929dc05885b3c4b8c2b5809e000_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:a9767ca3a53e0dab656d334cc97e9496f40ab82535bdceec320c5048e6de89c8_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:0e26d1b45c7bf62470d14c01d75d9de349239e8450888017209ca496985457c0_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:6e6732ea9720213d635a250c3545e5c9b0a8a3b6943184e9734e0ada7d0a02a2_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:59063046badee8e32d93a11a66de46c2a571705947f5227c8e5527c3d35e1f47_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:e75699436dad9bdaa192c4574e9fcab781566d326df66c17146c304f05f361a1_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:45e423cc38118b03fd694006b8aa284b4724083d0e1757b1f76420f00696675c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:aa2e77638b4934b2c03a79d1e7eb52463fb9a477ab2a355c45df62abdba2eb04_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:6b3fc523db1aded511e39e8da797d688b925fcc829d85d940b44589698a70ba7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:1eaacff0e54e7b46740868f53e9095ca483785621c36d748730201057e4b44ea_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:e793c66c3bd823c89ca6273aeeb60b09d1213c0c68a68a616657ba17b8116ea7_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:b106c2eaea2836dab71d0d0727c4664ec8c6faf3ddc93c6cf696afb22a0821e9_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:424b4a3bb2dea65e990f1132aeed52683bc6daae1d8cb1e0a11a228a66e2e156_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:8db649e114ccc3aefd1ee74518f3d3d39bbd08160a6208b2a4ff70c61e38b48b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1996"
},
{
"category": "external",
"summary": "RHBZ#2094982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094982"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1996"
}
],
"release_date": "2022-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-22T19:03:41+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:d3d5a9547632ce7c84deffb2ef5e6c6728462e24b89ddfc0ad925a762c356820_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:d77bd51acb92723b5ee72a3ea9a171c14294014e1cd793bd4e88cd9e5a4bd2d0_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:25f308ffaafcc1d1216bb90c566713a2873411bd000c9b360cbc9397d0d95a25_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:b46b59a2c62bf467ff7113fbd40abffefdfa73ef1762ed793fc426b1f264167a_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:80caea580f582930b274619bda7628d945215a44c727f3097cdf146c03908452_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:05c43b71617165ad3763c85f96e2fcee6a1ba43474972636130365f149eb2273_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:56bde1a5ae607a58c6d01b3ca4068fe3c9c1d9e0e72b2fd0d1279dd686647d4d_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:8abb932a507e2db69b68127a290a830878a3542f0b6816efa18ffeee91b189db_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:5cec54c0ff91d6bbc7c6a59a873703c5d05359beb7f2a7933f8125866fd9e0dd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:23cbe943a4b21b2226b4e8f638b17a45fc306b19f06f1c67a23768abfeca2e87_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4efa6304395bf177335cbc7a2c9d3f56b4ee4a5979591834a9b46281aadae24e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8609"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:d3d5a9547632ce7c84deffb2ef5e6c6728462e24b89ddfc0ad925a762c356820_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:d77bd51acb92723b5ee72a3ea9a171c14294014e1cd793bd4e88cd9e5a4bd2d0_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:25f308ffaafcc1d1216bb90c566713a2873411bd000c9b360cbc9397d0d95a25_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:b46b59a2c62bf467ff7113fbd40abffefdfa73ef1762ed793fc426b1f264167a_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:80caea580f582930b274619bda7628d945215a44c727f3097cdf146c03908452_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:05c43b71617165ad3763c85f96e2fcee6a1ba43474972636130365f149eb2273_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:56bde1a5ae607a58c6d01b3ca4068fe3c9c1d9e0e72b2fd0d1279dd686647d4d_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:8abb932a507e2db69b68127a290a830878a3542f0b6816efa18ffeee91b189db_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:5cec54c0ff91d6bbc7c6a59a873703c5d05359beb7f2a7933f8125866fd9e0dd_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:23cbe943a4b21b2226b4e8f638b17a45fc306b19f06f1c67a23768abfeca2e87_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4efa6304395bf177335cbc7a2c9d3f56b4ee4a5979591834a9b46281aadae24e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "go-restful: Authorization Bypass Through User-Controlled Key"
}
]
}
RHSA-2023:0814
Vulnerability from csaf_redhat - Published: 2023-02-20 12:40 - Updated: 2026-03-18 02:20
A flaw was found in CORS Filter feature from the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data on behalf of users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:475397e4ba392d1bf197280f078b2aa024ee562ab0b4772b15b9fd773f52e716_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:704d50bc5a2ba7910344e6ec6d30bbabccd560628ac82b89d66f53a2ddf1140e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:3ae672568790ef1d2e0870d4c016186b37365144082920510dbd2426b336a896_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:20ab3fc7104fe007eb9d5d0df368b86ed6d01a9cb0c2b4595bcf9b677e7a22f8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:3bec4e0d5e0e7f0a86374661222e68590f14181f230444a8a042904e772db9db_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:2718b97731f10e50c53a1e86e00d3fbb80a99b7fa0151858a6e355c501e1b392_amd64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Cryostat 2 on RHEL 8 container images are now available",
"title": "Topic"
},
{
"category": "general",
"text": "The Cryostat 2 on RHEL 8 container images have been updated to fix \"CVE-2022-1996 go-restful: Authorization Bypass Through User-Controlled Key\" and to address the following security advisory: RHSA-2023:0625 (see References)\n\nUsers of Cryostat 2 on RHEL 8 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.\n\nYou can find images updated by this advisory in Red Hat Container Catalog (see References).",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0814",
"url": "https://access.redhat.com/errata/RHSA-2023:0814"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2023:0625",
"url": "https://access.redhat.com/errata/RHSA-2023:0625"
},
{
"category": "external",
"summary": "https://access.redhat.com/containers",
"url": "https://access.redhat.com/containers"
},
{
"category": "external",
"summary": "2094982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094982"
},
{
"category": "external",
"summary": "2161571",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161571"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0814.json"
}
],
"title": "Red Hat Security Advisory: Red Hat build of Cryostat security update",
"tracking": {
"current_release_date": "2026-03-18T02:20:41+00:00",
"generator": {
"date": "2026-03-18T02:20:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2023:0814",
"initial_release_date": "2023-02-20T12:40:17+00:00",
"revision_history": [
{
"date": "2023-02-20T12:40:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-02-20T12:40:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T02:20:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Cryostat 2 on RHEL 8",
"product": {
"name": "Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cryostat:2::el8"
}
}
}
],
"category": "product_family",
"name": "Cryostat"
},
{
"branches": [
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:475397e4ba392d1bf197280f078b2aa024ee562ab0b4772b15b9fd773f52e716_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:475397e4ba392d1bf197280f078b2aa024ee562ab0b4772b15b9fd773f52e716_amd64",
"product_id": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:475397e4ba392d1bf197280f078b2aa024ee562ab0b4772b15b9fd773f52e716_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-grafana-dashboard-rhel8@sha256:475397e4ba392d1bf197280f078b2aa024ee562ab0b4772b15b9fd773f52e716?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8\u0026tag=2.2.0-14"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:3ae672568790ef1d2e0870d4c016186b37365144082920510dbd2426b336a896_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:3ae672568790ef1d2e0870d4c016186b37365144082920510dbd2426b336a896_amd64",
"product_id": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:3ae672568790ef1d2e0870d4c016186b37365144082920510dbd2426b336a896_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-reports-rhel8@sha256:3ae672568790ef1d2e0870d4c016186b37365144082920510dbd2426b336a896?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-reports-rhel8\u0026tag=1.1.1-9"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:3bec4e0d5e0e7f0a86374661222e68590f14181f230444a8a042904e772db9db_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:3bec4e0d5e0e7f0a86374661222e68590f14181f230444a8a042904e772db9db_amd64",
"product_id": "cryostat-tech-preview/cryostat-rhel8@sha256:3bec4e0d5e0e7f0a86374661222e68590f14181f230444a8a042904e772db9db_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel8@sha256:3bec4e0d5e0e7f0a86374661222e68590f14181f230444a8a042904e772db9db?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8\u0026tag=2.2.1-8"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:704d50bc5a2ba7910344e6ec6d30bbabccd560628ac82b89d66f53a2ddf1140e_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:704d50bc5a2ba7910344e6ec6d30bbabccd560628ac82b89d66f53a2ddf1140e_amd64",
"product_id": "cryostat-tech-preview/cryostat-operator-bundle@sha256:704d50bc5a2ba7910344e6ec6d30bbabccd560628ac82b89d66f53a2ddf1140e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-operator-bundle@sha256:704d50bc5a2ba7910344e6ec6d30bbabccd560628ac82b89d66f53a2ddf1140e?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-operator-bundle\u0026tag=2.2.1-8"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:20ab3fc7104fe007eb9d5d0df368b86ed6d01a9cb0c2b4595bcf9b677e7a22f8_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:20ab3fc7104fe007eb9d5d0df368b86ed6d01a9cb0c2b4595bcf9b677e7a22f8_amd64",
"product_id": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:20ab3fc7104fe007eb9d5d0df368b86ed6d01a9cb0c2b4595bcf9b677e7a22f8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel8-operator@sha256:20ab3fc7104fe007eb9d5d0df368b86ed6d01a9cb0c2b4595bcf9b677e7a22f8?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8-operator\u0026tag=2.2.1-11"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:2718b97731f10e50c53a1e86e00d3fbb80a99b7fa0151858a6e355c501e1b392_amd64",
"product": {
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:2718b97731f10e50c53a1e86e00d3fbb80a99b7fa0151858a6e355c501e1b392_amd64",
"product_id": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:2718b97731f10e50c53a1e86e00d3fbb80a99b7fa0151858a6e355c501e1b392_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jfr-datasource-rhel8@sha256:2718b97731f10e50c53a1e86e00d3fbb80a99b7fa0151858a6e355c501e1b392?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8\u0026tag=2.2.0-14"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:475397e4ba392d1bf197280f078b2aa024ee562ab0b4772b15b9fd773f52e716_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:475397e4ba392d1bf197280f078b2aa024ee562ab0b4772b15b9fd773f52e716_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:475397e4ba392d1bf197280f078b2aa024ee562ab0b4772b15b9fd773f52e716_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:704d50bc5a2ba7910344e6ec6d30bbabccd560628ac82b89d66f53a2ddf1140e_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:704d50bc5a2ba7910344e6ec6d30bbabccd560628ac82b89d66f53a2ddf1140e_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-operator-bundle@sha256:704d50bc5a2ba7910344e6ec6d30bbabccd560628ac82b89d66f53a2ddf1140e_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:3ae672568790ef1d2e0870d4c016186b37365144082920510dbd2426b336a896_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:3ae672568790ef1d2e0870d4c016186b37365144082920510dbd2426b336a896_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:3ae672568790ef1d2e0870d4c016186b37365144082920510dbd2426b336a896_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:20ab3fc7104fe007eb9d5d0df368b86ed6d01a9cb0c2b4595bcf9b677e7a22f8_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:20ab3fc7104fe007eb9d5d0df368b86ed6d01a9cb0c2b4595bcf9b677e7a22f8_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:20ab3fc7104fe007eb9d5d0df368b86ed6d01a9cb0c2b4595bcf9b677e7a22f8_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:3bec4e0d5e0e7f0a86374661222e68590f14181f230444a8a042904e772db9db_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:3bec4e0d5e0e7f0a86374661222e68590f14181f230444a8a042904e772db9db_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-rhel8@sha256:3bec4e0d5e0e7f0a86374661222e68590f14181f230444a8a042904e772db9db_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:2718b97731f10e50c53a1e86e00d3fbb80a99b7fa0151858a6e355c501e1b392_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:2718b97731f10e50c53a1e86e00d3fbb80a99b7fa0151858a6e355c501e1b392_amd64"
},
"product_reference": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:2718b97731f10e50c53a1e86e00d3fbb80a99b7fa0151858a6e355c501e1b392_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1996",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2022-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2094982"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CORS Filter feature from the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data on behalf of users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-restful: Authorization Bypass Through User-Controlled Key",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The go-restful package is a transitive dependency which is being pulled with k8s.io/api and not directly being used anywhere in OpenShift Container Platform (OCP), OpenShift Container Storage, OpenShift Data Foundation, OpenShift Do and OpenShift Pipelines, hence these components are marked as \u0027Will not fix\u0027 or even \"Not affected\".",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:475397e4ba392d1bf197280f078b2aa024ee562ab0b4772b15b9fd773f52e716_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:704d50bc5a2ba7910344e6ec6d30bbabccd560628ac82b89d66f53a2ddf1140e_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:3ae672568790ef1d2e0870d4c016186b37365144082920510dbd2426b336a896_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:20ab3fc7104fe007eb9d5d0df368b86ed6d01a9cb0c2b4595bcf9b677e7a22f8_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:3bec4e0d5e0e7f0a86374661222e68590f14181f230444a8a042904e772db9db_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:2718b97731f10e50c53a1e86e00d3fbb80a99b7fa0151858a6e355c501e1b392_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1996"
},
{
"category": "external",
"summary": "RHBZ#2094982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094982"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1996"
}
],
"release_date": "2022-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-20T12:40:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:475397e4ba392d1bf197280f078b2aa024ee562ab0b4772b15b9fd773f52e716_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:704d50bc5a2ba7910344e6ec6d30bbabccd560628ac82b89d66f53a2ddf1140e_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:3ae672568790ef1d2e0870d4c016186b37365144082920510dbd2426b336a896_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:20ab3fc7104fe007eb9d5d0df368b86ed6d01a9cb0c2b4595bcf9b677e7a22f8_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:3bec4e0d5e0e7f0a86374661222e68590f14181f230444a8a042904e772db9db_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:2718b97731f10e50c53a1e86e00d3fbb80a99b7fa0151858a6e355c501e1b392_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0814"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:475397e4ba392d1bf197280f078b2aa024ee562ab0b4772b15b9fd773f52e716_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:704d50bc5a2ba7910344e6ec6d30bbabccd560628ac82b89d66f53a2ddf1140e_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:3ae672568790ef1d2e0870d4c016186b37365144082920510dbd2426b336a896_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:20ab3fc7104fe007eb9d5d0df368b86ed6d01a9cb0c2b4595bcf9b677e7a22f8_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:3bec4e0d5e0e7f0a86374661222e68590f14181f230444a8a042904e772db9db_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:2718b97731f10e50c53a1e86e00d3fbb80a99b7fa0151858a6e355c501e1b392_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "go-restful: Authorization Bypass Through User-Controlled Key"
}
]
}
RHSA-2023:3229
Vulnerability from csaf_redhat - Published: 2023-05-18 15:55 - Updated: 2026-03-18 02:22
A flaw was found in the CORS Filter feature of the go-restful package. When a domain is configured in AllowedDomains, all domains starting with the same pattern are also accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data on behalf of users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.8:openshift-gitops-kam-redistributable-0:1.8.3-6.el8.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openshift-gitops-kam is now available for Red Hat OpenShift GitOps 1.8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security Fix(es):\n\n* go-restful: Authorization Bypass Through User-Controlled Key (CVE-2022-1996)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:3229",
"url": "https://access.redhat.com/errata/RHSA-2023:3229"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.openshift.com/container-platform/latest/cicd/gitops/understanding-openshift-gitops.html",
"url": "https://docs.openshift.com/container-platform/latest/cicd/gitops/understanding-openshift-gitops.html"
},
{
"category": "external",
"summary": "2094982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094982"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3229.json"
}
],
"title": "Red Hat Security Advisory: openshift-gitops-kam security update",
"tracking": {
"current_release_date": "2026-03-18T02:22:32+00:00",
"generator": {
"date": "2026-03-18T02:22:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2023:3229",
"initial_release_date": "2023-05-18T15:55:21+00:00",
"revision_history": [
{
"date": "2023-05-18T15:55:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-18T15:55:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T02:22:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.8",
"product": {
"name": "Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_gitops:1.8::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift GitOps"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-kam-0:1.8.3-6.el8.src",
"product": {
"name": "openshift-gitops-kam-0:1.8.3-6.el8.src",
"product_id": "openshift-gitops-kam-0:1.8.3-6.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-kam@1.8.3-6.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-kam-0:1.8.3-6.el8.x86_64",
"product": {
"name": "openshift-gitops-kam-0:1.8.3-6.el8.x86_64",
"product_id": "openshift-gitops-kam-0:1.8.3-6.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-kam@1.8.3-6.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-kam-redistributable-0:1.8.3-6.el8.x86_64",
"product": {
"name": "openshift-gitops-kam-redistributable-0:1.8.3-6.el8.x86_64",
"product_id": "openshift-gitops-kam-redistributable-0:1.8.3-6.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-kam-redistributable@1.8.3-6.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-kam-0:1.8.3-6.el8.s390x",
"product": {
"name": "openshift-gitops-kam-0:1.8.3-6.el8.s390x",
"product_id": "openshift-gitops-kam-0:1.8.3-6.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-kam@1.8.3-6.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-kam-0:1.8.3-6.el8.ppc64le",
"product": {
"name": "openshift-gitops-kam-0:1.8.3-6.el8.ppc64le",
"product_id": "openshift-gitops-kam-0:1.8.3-6.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-kam@1.8.3-6.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-kam-0:1.8.3-6.el8.aarch64",
"product": {
"name": "openshift-gitops-kam-0:1.8.3-6.el8.aarch64",
"product_id": "openshift-gitops-kam-0:1.8.3-6.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-kam@1.8.3-6.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-kam-0:1.8.3-6.el8.aarch64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.aarch64"
},
"product_reference": "openshift-gitops-kam-0:1.8.3-6.el8.aarch64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-kam-0:1.8.3-6.el8.ppc64le as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.ppc64le"
},
"product_reference": "openshift-gitops-kam-0:1.8.3-6.el8.ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-kam-0:1.8.3-6.el8.s390x as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.s390x"
},
"product_reference": "openshift-gitops-kam-0:1.8.3-6.el8.s390x",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-kam-0:1.8.3-6.el8.src as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.src"
},
"product_reference": "openshift-gitops-kam-0:1.8.3-6.el8.src",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-kam-0:1.8.3-6.el8.x86_64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.x86_64"
},
"product_reference": "openshift-gitops-kam-0:1.8.3-6.el8.x86_64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-kam-redistributable-0:1.8.3-6.el8.x86_64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-kam-redistributable-0:1.8.3-6.el8.x86_64"
},
"product_reference": "openshift-gitops-kam-redistributable-0:1.8.3-6.el8.x86_64",
"relates_to_product_reference": "8Base-GitOps-1.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1996",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2022-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2094982"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CORS Filter feature from the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data on behalf of users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-restful: Authorization Bypass Through User-Controlled Key",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The go-restful package is a transitive dependency which is being pulled with k8s.io/api and not directly being used anywhere in OpenShift Container Platform (OCP), OpenShift Container Storage, OpenShift Data Foundation, OpenShift Do and OpenShift Pipelines, hence these components are marked as \u0027Will not fix\u0027 or even \"Not affected\".",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.aarch64",
"8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.ppc64le",
"8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.s390x",
"8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.src",
"8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.x86_64",
"8Base-GitOps-1.8:openshift-gitops-kam-redistributable-0:1.8.3-6.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1996"
},
{
"category": "external",
"summary": "RHBZ#2094982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094982"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1996"
}
],
"release_date": "2022-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-18T15:55:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.aarch64",
"8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.ppc64le",
"8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.s390x",
"8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.src",
"8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.x86_64",
"8Base-GitOps-1.8:openshift-gitops-kam-redistributable-0:1.8.3-6.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3229"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.aarch64",
"8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.ppc64le",
"8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.s390x",
"8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.src",
"8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.x86_64",
"8Base-GitOps-1.8:openshift-gitops-kam-redistributable-0:1.8.3-6.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "go-restful: Authorization Bypass Through User-Controlled Key"
}
]
}
RHSA-2023:3557
Vulnerability from csaf_redhat - Published: 2023-06-09 19:47 - Updated: 2026-03-18 02:22
A flaw was found in the CORS Filter feature of the go-restful package. When a domain is configured in AllowedDomains, all domains starting with the same pattern are also accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data on behalf of users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.9:openshift-gitops-kam-redistributable-0:1.9.0-102.el8.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openshift-gitops-kam is now available for Red Hat OpenShift GitOps 1.9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift GitOps KAM OpenShift GitOps Kubernetes Application Manager CLI tool\n\nSecurity Fix(es):\n\n* go-restful: Authorization Bypass Through User-Controlled Key (CVE-2022-1996)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:3557",
"url": "https://access.redhat.com/errata/RHSA-2023:3557"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.openshift.com/container-platform/latest/cicd/gitops/gitops-release-notes.html",
"url": "https://docs.openshift.com/container-platform/latest/cicd/gitops/gitops-release-notes.html"
},
{
"category": "external",
"summary": "2094982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094982"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3557.json"
}
],
"title": "Red Hat Security Advisory: openshift-gitops-kam security update",
"tracking": {
"current_release_date": "2026-03-18T02:22:26+00:00",
"generator": {
"date": "2026-03-18T02:22:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2023:3557",
"initial_release_date": "2023-06-09T19:47:27+00:00",
"revision_history": [
{
"date": "2023-06-09T19:47:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-06-09T19:47:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T02:22:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.9",
"product": {
"name": "Red Hat OpenShift GitOps 1.9",
"product_id": "8Base-GitOps-1.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_gitops:1.9::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift GitOps"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-kam-0:1.9.0-102.el8.src",
"product": {
"name": "openshift-gitops-kam-0:1.9.0-102.el8.src",
"product_id": "openshift-gitops-kam-0:1.9.0-102.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-kam@1.9.0-102.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-kam-0:1.9.0-102.el8.x86_64",
"product": {
"name": "openshift-gitops-kam-0:1.9.0-102.el8.x86_64",
"product_id": "openshift-gitops-kam-0:1.9.0-102.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-kam@1.9.0-102.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-kam-redistributable-0:1.9.0-102.el8.x86_64",
"product": {
"name": "openshift-gitops-kam-redistributable-0:1.9.0-102.el8.x86_64",
"product_id": "openshift-gitops-kam-redistributable-0:1.9.0-102.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-kam-redistributable@1.9.0-102.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-kam-0:1.9.0-102.el8.s390x",
"product": {
"name": "openshift-gitops-kam-0:1.9.0-102.el8.s390x",
"product_id": "openshift-gitops-kam-0:1.9.0-102.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-kam@1.9.0-102.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-kam-0:1.9.0-102.el8.ppc64le",
"product": {
"name": "openshift-gitops-kam-0:1.9.0-102.el8.ppc64le",
"product_id": "openshift-gitops-kam-0:1.9.0-102.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-kam@1.9.0-102.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-kam-0:1.9.0-102.el8.aarch64",
"product": {
"name": "openshift-gitops-kam-0:1.9.0-102.el8.aarch64",
"product_id": "openshift-gitops-kam-0:1.9.0-102.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-kam@1.9.0-102.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-kam-0:1.9.0-102.el8.aarch64 as a component of Red Hat OpenShift GitOps 1.9",
"product_id": "8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.aarch64"
},
"product_reference": "openshift-gitops-kam-0:1.9.0-102.el8.aarch64",
"relates_to_product_reference": "8Base-GitOps-1.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-kam-0:1.9.0-102.el8.ppc64le as a component of Red Hat OpenShift GitOps 1.9",
"product_id": "8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.ppc64le"
},
"product_reference": "openshift-gitops-kam-0:1.9.0-102.el8.ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-kam-0:1.9.0-102.el8.s390x as a component of Red Hat OpenShift GitOps 1.9",
"product_id": "8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.s390x"
},
"product_reference": "openshift-gitops-kam-0:1.9.0-102.el8.s390x",
"relates_to_product_reference": "8Base-GitOps-1.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-kam-0:1.9.0-102.el8.src as a component of Red Hat OpenShift GitOps 1.9",
"product_id": "8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.src"
},
"product_reference": "openshift-gitops-kam-0:1.9.0-102.el8.src",
"relates_to_product_reference": "8Base-GitOps-1.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-kam-0:1.9.0-102.el8.x86_64 as a component of Red Hat OpenShift GitOps 1.9",
"product_id": "8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.x86_64"
},
"product_reference": "openshift-gitops-kam-0:1.9.0-102.el8.x86_64",
"relates_to_product_reference": "8Base-GitOps-1.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-kam-redistributable-0:1.9.0-102.el8.x86_64 as a component of Red Hat OpenShift GitOps 1.9",
"product_id": "8Base-GitOps-1.9:openshift-gitops-kam-redistributable-0:1.9.0-102.el8.x86_64"
},
"product_reference": "openshift-gitops-kam-redistributable-0:1.9.0-102.el8.x86_64",
"relates_to_product_reference": "8Base-GitOps-1.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1996",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2022-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2094982"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CORS Filter feature from the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data on behalf of users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-restful: Authorization Bypass Through User-Controlled Key",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The go-restful package is a transitive dependency which is being pulled with k8s.io/api and not directly being used anywhere in OpenShift Container Platform (OCP), OpenShift Container Storage, OpenShift Data Foundation, OpenShift Do and OpenShift Pipelines, hence these components are marked as \u0027Will not fix\u0027 or even \"Not affected\".",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.aarch64",
"8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.ppc64le",
"8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.s390x",
"8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.src",
"8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.x86_64",
"8Base-GitOps-1.9:openshift-gitops-kam-redistributable-0:1.9.0-102.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1996"
},
{
"category": "external",
"summary": "RHBZ#2094982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094982"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1996"
}
],
"release_date": "2022-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-09T19:47:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.aarch64",
"8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.ppc64le",
"8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.s390x",
"8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.src",
"8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.x86_64",
"8Base-GitOps-1.9:openshift-gitops-kam-redistributable-0:1.9.0-102.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3557"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.aarch64",
"8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.ppc64le",
"8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.s390x",
"8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.src",
"8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.x86_64",
"8Base-GitOps-1.9:openshift-gitops-kam-redistributable-0:1.9.0-102.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "go-restful: Authorization Bypass Through User-Controlled Key"
}
]
}
RHSA-2023_0814
Vulnerability from csaf_redhat - Published: 2023-02-20 12:40 - Updated: 2024-11-25 08:02
A flaw was found in the CORS Filter feature of the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data on behalf of users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:475397e4ba392d1bf197280f078b2aa024ee562ab0b4772b15b9fd773f52e716_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:704d50bc5a2ba7910344e6ec6d30bbabccd560628ac82b89d66f53a2ddf1140e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:3ae672568790ef1d2e0870d4c016186b37365144082920510dbd2426b336a896_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:20ab3fc7104fe007eb9d5d0df368b86ed6d01a9cb0c2b4595bcf9b677e7a22f8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:3bec4e0d5e0e7f0a86374661222e68590f14181f230444a8a042904e772db9db_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:2718b97731f10e50c53a1e86e00d3fbb80a99b7fa0151858a6e355c501e1b392_amd64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Cryostat 2 on RHEL 8 container images are now available",
"title": "Topic"
},
{
"category": "general",
"text": "The Cryostat 2 on RHEL 8 container images have been updated to fix \"CVE-2022-1996 go-restful: Authorization Bypass Through User-Controlled Key\" and to address the following security advisory: RHSA-2023:0625 (see References)\n\nUsers of Cryostat 2 on RHEL 8 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.\n\nYou can find images updated by this advisory in Red Hat Container Catalog (see References).",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0814",
"url": "https://access.redhat.com/errata/RHSA-2023:0814"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2023:0625",
"url": "https://access.redhat.com/errata/RHSA-2023:0625"
},
{
"category": "external",
"summary": "https://access.redhat.com/containers",
"url": "https://access.redhat.com/containers"
},
{
"category": "external",
"summary": "2094982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094982"
},
{
"category": "external",
"summary": "2161571",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161571"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0814.json"
}
],
"title": "Red Hat Security Advisory: Red Hat build of Cryostat security update",
"tracking": {
"current_release_date": "2024-11-25T08:02:43+00:00",
"generator": {
"date": "2024-11-25T08:02:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2023:0814",
"initial_release_date": "2023-02-20T12:40:17+00:00",
"revision_history": [
{
"date": "2023-02-20T12:40:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-02-20T12:40:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-25T08:02:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Cryostat 2 on RHEL 8",
"product": {
"name": "Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cryostat:2::el8"
}
}
}
],
"category": "product_family",
"name": "Cryostat"
},
{
"branches": [
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:475397e4ba392d1bf197280f078b2aa024ee562ab0b4772b15b9fd773f52e716_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:475397e4ba392d1bf197280f078b2aa024ee562ab0b4772b15b9fd773f52e716_amd64",
"product_id": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:475397e4ba392d1bf197280f078b2aa024ee562ab0b4772b15b9fd773f52e716_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-grafana-dashboard-rhel8@sha256:475397e4ba392d1bf197280f078b2aa024ee562ab0b4772b15b9fd773f52e716?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8\u0026tag=2.2.0-14"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:3ae672568790ef1d2e0870d4c016186b37365144082920510dbd2426b336a896_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:3ae672568790ef1d2e0870d4c016186b37365144082920510dbd2426b336a896_amd64",
"product_id": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:3ae672568790ef1d2e0870d4c016186b37365144082920510dbd2426b336a896_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-reports-rhel8@sha256:3ae672568790ef1d2e0870d4c016186b37365144082920510dbd2426b336a896?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-reports-rhel8\u0026tag=1.1.1-9"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:3bec4e0d5e0e7f0a86374661222e68590f14181f230444a8a042904e772db9db_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:3bec4e0d5e0e7f0a86374661222e68590f14181f230444a8a042904e772db9db_amd64",
"product_id": "cryostat-tech-preview/cryostat-rhel8@sha256:3bec4e0d5e0e7f0a86374661222e68590f14181f230444a8a042904e772db9db_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel8@sha256:3bec4e0d5e0e7f0a86374661222e68590f14181f230444a8a042904e772db9db?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8\u0026tag=2.2.1-8"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:704d50bc5a2ba7910344e6ec6d30bbabccd560628ac82b89d66f53a2ddf1140e_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:704d50bc5a2ba7910344e6ec6d30bbabccd560628ac82b89d66f53a2ddf1140e_amd64",
"product_id": "cryostat-tech-preview/cryostat-operator-bundle@sha256:704d50bc5a2ba7910344e6ec6d30bbabccd560628ac82b89d66f53a2ddf1140e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-operator-bundle@sha256:704d50bc5a2ba7910344e6ec6d30bbabccd560628ac82b89d66f53a2ddf1140e?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-operator-bundle\u0026tag=2.2.1-8"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:20ab3fc7104fe007eb9d5d0df368b86ed6d01a9cb0c2b4595bcf9b677e7a22f8_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:20ab3fc7104fe007eb9d5d0df368b86ed6d01a9cb0c2b4595bcf9b677e7a22f8_amd64",
"product_id": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:20ab3fc7104fe007eb9d5d0df368b86ed6d01a9cb0c2b4595bcf9b677e7a22f8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel8-operator@sha256:20ab3fc7104fe007eb9d5d0df368b86ed6d01a9cb0c2b4595bcf9b677e7a22f8?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8-operator\u0026tag=2.2.1-11"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:2718b97731f10e50c53a1e86e00d3fbb80a99b7fa0151858a6e355c501e1b392_amd64",
"product": {
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:2718b97731f10e50c53a1e86e00d3fbb80a99b7fa0151858a6e355c501e1b392_amd64",
"product_id": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:2718b97731f10e50c53a1e86e00d3fbb80a99b7fa0151858a6e355c501e1b392_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jfr-datasource-rhel8@sha256:2718b97731f10e50c53a1e86e00d3fbb80a99b7fa0151858a6e355c501e1b392?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8\u0026tag=2.2.0-14"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:475397e4ba392d1bf197280f078b2aa024ee562ab0b4772b15b9fd773f52e716_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:475397e4ba392d1bf197280f078b2aa024ee562ab0b4772b15b9fd773f52e716_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:475397e4ba392d1bf197280f078b2aa024ee562ab0b4772b15b9fd773f52e716_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:704d50bc5a2ba7910344e6ec6d30bbabccd560628ac82b89d66f53a2ddf1140e_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:704d50bc5a2ba7910344e6ec6d30bbabccd560628ac82b89d66f53a2ddf1140e_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-operator-bundle@sha256:704d50bc5a2ba7910344e6ec6d30bbabccd560628ac82b89d66f53a2ddf1140e_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:3ae672568790ef1d2e0870d4c016186b37365144082920510dbd2426b336a896_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:3ae672568790ef1d2e0870d4c016186b37365144082920510dbd2426b336a896_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:3ae672568790ef1d2e0870d4c016186b37365144082920510dbd2426b336a896_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:20ab3fc7104fe007eb9d5d0df368b86ed6d01a9cb0c2b4595bcf9b677e7a22f8_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:20ab3fc7104fe007eb9d5d0df368b86ed6d01a9cb0c2b4595bcf9b677e7a22f8_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:20ab3fc7104fe007eb9d5d0df368b86ed6d01a9cb0c2b4595bcf9b677e7a22f8_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:3bec4e0d5e0e7f0a86374661222e68590f14181f230444a8a042904e772db9db_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:3bec4e0d5e0e7f0a86374661222e68590f14181f230444a8a042904e772db9db_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-rhel8@sha256:3bec4e0d5e0e7f0a86374661222e68590f14181f230444a8a042904e772db9db_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:2718b97731f10e50c53a1e86e00d3fbb80a99b7fa0151858a6e355c501e1b392_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:2718b97731f10e50c53a1e86e00d3fbb80a99b7fa0151858a6e355c501e1b392_amd64"
},
"product_reference": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:2718b97731f10e50c53a1e86e00d3fbb80a99b7fa0151858a6e355c501e1b392_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1996",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2022-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2094982"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CORS Filter feature from the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data on behalf of users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-restful: Authorization Bypass Through User-Controlled Key",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The go-restful package is a transitive dependency which is being pulled with k8s.io/api and not directly being used anywhere in OpenShift Container Platform (OCP), OpenShift Container Storage, OpenShift Data Foundation, OpenShift Do and OpenShift Pipelines, hence these components are marked as \u0027Will not fix\u0027 or even \"Not affected\".",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:475397e4ba392d1bf197280f078b2aa024ee562ab0b4772b15b9fd773f52e716_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:704d50bc5a2ba7910344e6ec6d30bbabccd560628ac82b89d66f53a2ddf1140e_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:3ae672568790ef1d2e0870d4c016186b37365144082920510dbd2426b336a896_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:20ab3fc7104fe007eb9d5d0df368b86ed6d01a9cb0c2b4595bcf9b677e7a22f8_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:3bec4e0d5e0e7f0a86374661222e68590f14181f230444a8a042904e772db9db_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:2718b97731f10e50c53a1e86e00d3fbb80a99b7fa0151858a6e355c501e1b392_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1996"
},
{
"category": "external",
"summary": "RHBZ#2094982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094982"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1996"
}
],
"release_date": "2022-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-20T12:40:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:475397e4ba392d1bf197280f078b2aa024ee562ab0b4772b15b9fd773f52e716_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:704d50bc5a2ba7910344e6ec6d30bbabccd560628ac82b89d66f53a2ddf1140e_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:3ae672568790ef1d2e0870d4c016186b37365144082920510dbd2426b336a896_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:20ab3fc7104fe007eb9d5d0df368b86ed6d01a9cb0c2b4595bcf9b677e7a22f8_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:3bec4e0d5e0e7f0a86374661222e68590f14181f230444a8a042904e772db9db_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:2718b97731f10e50c53a1e86e00d3fbb80a99b7fa0151858a6e355c501e1b392_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0814"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:475397e4ba392d1bf197280f078b2aa024ee562ab0b4772b15b9fd773f52e716_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:704d50bc5a2ba7910344e6ec6d30bbabccd560628ac82b89d66f53a2ddf1140e_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:3ae672568790ef1d2e0870d4c016186b37365144082920510dbd2426b336a896_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:20ab3fc7104fe007eb9d5d0df368b86ed6d01a9cb0c2b4595bcf9b677e7a22f8_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:3bec4e0d5e0e7f0a86374661222e68590f14181f230444a8a042904e772db9db_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:2718b97731f10e50c53a1e86e00d3fbb80a99b7fa0151858a6e355c501e1b392_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "go-restful: Authorization Bypass Through User-Controlled Key"
}
]
}
RHSA-2023_3229
Vulnerability from csaf_redhat - Published: 2023-05-18 15:55 - Updated: 2024-11-25 08:02
A flaw was found in the CORS Filter feature of the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data on behalf of users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.8:openshift-gitops-kam-redistributable-0:1.8.3-6.el8.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openshift-gitops-kam is now available for Red Hat OpenShift GitOps 1.8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security Fix(es):\n\n* go-restful: Authorization Bypass Through User-Controlled Key (CVE-2022-1996)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:3229",
"url": "https://access.redhat.com/errata/RHSA-2023:3229"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.openshift.com/container-platform/latest/cicd/gitops/understanding-openshift-gitops.html",
"url": "https://docs.openshift.com/container-platform/latest/cicd/gitops/understanding-openshift-gitops.html"
},
{
"category": "external",
"summary": "2094982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094982"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3229.json"
}
],
"title": "Red Hat Security Advisory: openshift-gitops-kam security update",
"tracking": {
"current_release_date": "2024-11-25T08:02:51+00:00",
"generator": {
"date": "2024-11-25T08:02:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2023:3229",
"initial_release_date": "2023-05-18T15:55:21+00:00",
"revision_history": [
{
"date": "2023-05-18T15:55:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-18T15:55:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-25T08:02:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.8",
"product": {
"name": "Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_gitops:1.8::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift GitOps"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-kam-0:1.8.3-6.el8.src",
"product": {
"name": "openshift-gitops-kam-0:1.8.3-6.el8.src",
"product_id": "openshift-gitops-kam-0:1.8.3-6.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-kam@1.8.3-6.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-kam-0:1.8.3-6.el8.x86_64",
"product": {
"name": "openshift-gitops-kam-0:1.8.3-6.el8.x86_64",
"product_id": "openshift-gitops-kam-0:1.8.3-6.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-kam@1.8.3-6.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-kam-redistributable-0:1.8.3-6.el8.x86_64",
"product": {
"name": "openshift-gitops-kam-redistributable-0:1.8.3-6.el8.x86_64",
"product_id": "openshift-gitops-kam-redistributable-0:1.8.3-6.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-kam-redistributable@1.8.3-6.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-kam-0:1.8.3-6.el8.s390x",
"product": {
"name": "openshift-gitops-kam-0:1.8.3-6.el8.s390x",
"product_id": "openshift-gitops-kam-0:1.8.3-6.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-kam@1.8.3-6.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-kam-0:1.8.3-6.el8.ppc64le",
"product": {
"name": "openshift-gitops-kam-0:1.8.3-6.el8.ppc64le",
"product_id": "openshift-gitops-kam-0:1.8.3-6.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-kam@1.8.3-6.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-kam-0:1.8.3-6.el8.aarch64",
"product": {
"name": "openshift-gitops-kam-0:1.8.3-6.el8.aarch64",
"product_id": "openshift-gitops-kam-0:1.8.3-6.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-kam@1.8.3-6.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-kam-0:1.8.3-6.el8.aarch64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.aarch64"
},
"product_reference": "openshift-gitops-kam-0:1.8.3-6.el8.aarch64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-kam-0:1.8.3-6.el8.ppc64le as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.ppc64le"
},
"product_reference": "openshift-gitops-kam-0:1.8.3-6.el8.ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-kam-0:1.8.3-6.el8.s390x as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.s390x"
},
"product_reference": "openshift-gitops-kam-0:1.8.3-6.el8.s390x",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-kam-0:1.8.3-6.el8.src as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.src"
},
"product_reference": "openshift-gitops-kam-0:1.8.3-6.el8.src",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-kam-0:1.8.3-6.el8.x86_64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.x86_64"
},
"product_reference": "openshift-gitops-kam-0:1.8.3-6.el8.x86_64",
"relates_to_product_reference": "8Base-GitOps-1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-kam-redistributable-0:1.8.3-6.el8.x86_64 as a component of Red Hat OpenShift GitOps 1.8",
"product_id": "8Base-GitOps-1.8:openshift-gitops-kam-redistributable-0:1.8.3-6.el8.x86_64"
},
"product_reference": "openshift-gitops-kam-redistributable-0:1.8.3-6.el8.x86_64",
"relates_to_product_reference": "8Base-GitOps-1.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1996",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2022-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2094982"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CORS Filter feature from the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data on behalf of users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-restful: Authorization Bypass Through User-Controlled Key",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The go-restful package is a transitive dependency which is being pulled with k8s.io/api and not directly being used anywhere in OpenShift Container Platform (OCP), OpenShift Container Storage, OpenShift Data Foundation, OpenShift Do and OpenShift Pipelines, hence these components are marked as \u0027Will not fix\u0027 or even \"Not affected\".",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.aarch64",
"8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.ppc64le",
"8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.s390x",
"8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.src",
"8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.x86_64",
"8Base-GitOps-1.8:openshift-gitops-kam-redistributable-0:1.8.3-6.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1996"
},
{
"category": "external",
"summary": "RHBZ#2094982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094982"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1996"
}
],
"release_date": "2022-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-18T15:55:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.aarch64",
"8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.ppc64le",
"8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.s390x",
"8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.src",
"8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.x86_64",
"8Base-GitOps-1.8:openshift-gitops-kam-redistributable-0:1.8.3-6.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3229"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.aarch64",
"8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.ppc64le",
"8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.s390x",
"8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.src",
"8Base-GitOps-1.8:openshift-gitops-kam-0:1.8.3-6.el8.x86_64",
"8Base-GitOps-1.8:openshift-gitops-kam-redistributable-0:1.8.3-6.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "go-restful: Authorization Bypass Through User-Controlled Key"
}
]
}
RHSA-2023_3557
Vulnerability from csaf_redhat - Published: 2023-06-09 19:47 - Updated: 2024-11-25 08:03
A flaw was found in CORS Filter feature from the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data on behalf of users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-GitOps-1.9:openshift-gitops-kam-redistributable-0:1.9.0-102.el8.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for openshift-gitops-kam is now available for Red Hat OpenShift GitOps 1.9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift GitOps KAM OpenShift GitOps Kubernetes Application Manager CLI tool\n\nSecurity Fix(es):\n\n* go-restful: Authorization Bypass Through User-Controlled Key (CVE-2022-1996)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:3557",
"url": "https://access.redhat.com/errata/RHSA-2023:3557"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.openshift.com/container-platform/latest/cicd/gitops/gitops-release-notes.html",
"url": "https://docs.openshift.com/container-platform/latest/cicd/gitops/gitops-release-notes.html"
},
{
"category": "external",
"summary": "2094982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094982"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3557.json"
}
],
"title": "Red Hat Security Advisory: openshift-gitops-kam security update",
"tracking": {
"current_release_date": "2024-11-25T08:03:00+00:00",
"generator": {
"date": "2024-11-25T08:03:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2023:3557",
"initial_release_date": "2023-06-09T19:47:27+00:00",
"revision_history": [
{
"date": "2023-06-09T19:47:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-06-09T19:47:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-25T08:03:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.9",
"product": {
"name": "Red Hat OpenShift GitOps 1.9",
"product_id": "8Base-GitOps-1.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_gitops:1.9::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift GitOps"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-kam-0:1.9.0-102.el8.src",
"product": {
"name": "openshift-gitops-kam-0:1.9.0-102.el8.src",
"product_id": "openshift-gitops-kam-0:1.9.0-102.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-kam@1.9.0-102.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-kam-0:1.9.0-102.el8.x86_64",
"product": {
"name": "openshift-gitops-kam-0:1.9.0-102.el8.x86_64",
"product_id": "openshift-gitops-kam-0:1.9.0-102.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-kam@1.9.0-102.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-gitops-kam-redistributable-0:1.9.0-102.el8.x86_64",
"product": {
"name": "openshift-gitops-kam-redistributable-0:1.9.0-102.el8.x86_64",
"product_id": "openshift-gitops-kam-redistributable-0:1.9.0-102.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-kam-redistributable@1.9.0-102.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-kam-0:1.9.0-102.el8.s390x",
"product": {
"name": "openshift-gitops-kam-0:1.9.0-102.el8.s390x",
"product_id": "openshift-gitops-kam-0:1.9.0-102.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-kam@1.9.0-102.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-kam-0:1.9.0-102.el8.ppc64le",
"product": {
"name": "openshift-gitops-kam-0:1.9.0-102.el8.ppc64le",
"product_id": "openshift-gitops-kam-0:1.9.0-102.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-kam@1.9.0-102.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-gitops-kam-0:1.9.0-102.el8.aarch64",
"product": {
"name": "openshift-gitops-kam-0:1.9.0-102.el8.aarch64",
"product_id": "openshift-gitops-kam-0:1.9.0-102.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-gitops-kam@1.9.0-102.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-kam-0:1.9.0-102.el8.aarch64 as a component of Red Hat OpenShift GitOps 1.9",
"product_id": "8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.aarch64"
},
"product_reference": "openshift-gitops-kam-0:1.9.0-102.el8.aarch64",
"relates_to_product_reference": "8Base-GitOps-1.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-kam-0:1.9.0-102.el8.ppc64le as a component of Red Hat OpenShift GitOps 1.9",
"product_id": "8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.ppc64le"
},
"product_reference": "openshift-gitops-kam-0:1.9.0-102.el8.ppc64le",
"relates_to_product_reference": "8Base-GitOps-1.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-kam-0:1.9.0-102.el8.s390x as a component of Red Hat OpenShift GitOps 1.9",
"product_id": "8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.s390x"
},
"product_reference": "openshift-gitops-kam-0:1.9.0-102.el8.s390x",
"relates_to_product_reference": "8Base-GitOps-1.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-kam-0:1.9.0-102.el8.src as a component of Red Hat OpenShift GitOps 1.9",
"product_id": "8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.src"
},
"product_reference": "openshift-gitops-kam-0:1.9.0-102.el8.src",
"relates_to_product_reference": "8Base-GitOps-1.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-kam-0:1.9.0-102.el8.x86_64 as a component of Red Hat OpenShift GitOps 1.9",
"product_id": "8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.x86_64"
},
"product_reference": "openshift-gitops-kam-0:1.9.0-102.el8.x86_64",
"relates_to_product_reference": "8Base-GitOps-1.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-gitops-kam-redistributable-0:1.9.0-102.el8.x86_64 as a component of Red Hat OpenShift GitOps 1.9",
"product_id": "8Base-GitOps-1.9:openshift-gitops-kam-redistributable-0:1.9.0-102.el8.x86_64"
},
"product_reference": "openshift-gitops-kam-redistributable-0:1.9.0-102.el8.x86_64",
"relates_to_product_reference": "8Base-GitOps-1.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1996",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2022-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2094982"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CORS Filter feature from the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data on behalf of users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-restful: Authorization Bypass Through User-Controlled Key",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The go-restful package is a transitive dependency which is being pulled with k8s.io/api and not directly being used anywhere in OpenShift Container Platform (OCP), OpenShift Container Storage, OpenShift Data Foundation, OpenShift Do and OpenShift Pipelines, hence these components are marked as \u0027Will not fix\u0027 or even \"Not affected\".",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.aarch64",
"8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.ppc64le",
"8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.s390x",
"8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.src",
"8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.x86_64",
"8Base-GitOps-1.9:openshift-gitops-kam-redistributable-0:1.9.0-102.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1996"
},
{
"category": "external",
"summary": "RHBZ#2094982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094982"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1996"
}
],
"release_date": "2022-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-09T19:47:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.aarch64",
"8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.ppc64le",
"8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.s390x",
"8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.src",
"8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.x86_64",
"8Base-GitOps-1.9:openshift-gitops-kam-redistributable-0:1.9.0-102.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3557"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.aarch64",
"8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.ppc64le",
"8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.s390x",
"8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.src",
"8Base-GitOps-1.9:openshift-gitops-kam-0:1.9.0-102.el8.x86_64",
"8Base-GitOps-1.9:openshift-gitops-kam-redistributable-0:1.9.0-102.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "go-restful: Authorization Bypass Through User-Controlled Key"
}
]
}
SUSE-SU-2022:3321-1
Vulnerability from csaf_suse - Published: 2022-09-20 15:19 - Updated: 2022-09-20 15:19
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2022-1798: Fix arbitrary file read on the host from KubeVirt VMs (bsc#1202516)\n\nSecurity issues fixed in vendored dependencies:\n\n- CVE-2022-1996: Fixed go-restful CORS bypass (bsc#1200528)\n- CVE-2022-29162: Fixed runc incorrect handling of inheritable capabilities in default configuration (bsc#1199460)\n\nOther fixes:\n\n- Pack nft rules and nsswitch.conf for virt-handler\n- Only create 1MiB-aligned disk images (bsc#1199603)\n- Avoid to return nil failure message\n- Use semantic equality comparison\n- Allow to configure utility containers for update test\n- Install nftables to manage network rules\n- Install tar to allow kubectl cp ...\n- Symlink nsswitch.conf and nft rules to proper locations\n- Enable USB redirection support for QEMU\n- Install vim-small instread of vim\n- Drop libvirt-daemon-driver-storage-core\n- Install ethtool and gawk (bsc#1199392)\n- Use non-versioned appliance to avoid redundant rpm query\n- Explicitly state the dependency on kubevirt main package\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3321,SUSE-SLE-Module-Containers-15-SP3-2022-3321,openSUSE-SLE-15.3-2022-3321",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3321-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3321-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223321-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3321-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012297.html"
},
{
"category": "self",
"summary": "SUSE Bug 1199392",
"url": "https://bugzilla.suse.com/1199392"
},
{
"category": "self",
"summary": "SUSE Bug 1199460",
"url": "https://bugzilla.suse.com/1199460"
},
{
"category": "self",
"summary": "SUSE Bug 1199603",
"url": "https://bugzilla.suse.com/1199603"
},
{
"category": "self",
"summary": "SUSE Bug 1200528",
"url": "https://bugzilla.suse.com/1200528"
},
{
"category": "self",
"summary": "SUSE Bug 1202516",
"url": "https://bugzilla.suse.com/1202516"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1798 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1996 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-29162 page",
"url": "https://www.suse.com/security/cve/CVE-2022-29162/"
}
],
"title": "Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container",
"tracking": {
"current_release_date": "2022-09-20T15:19:24Z",
"generator": {
"date": "2022-09-20T15:19:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3321-1",
"initial_release_date": "2022-09-20T15:19:24Z",
"revision_history": [
{
"date": "2022-09-20T15:19:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64",
"product": {
"name": "kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64",
"product_id": "kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
"product": {
"name": "kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
"product_id": "kubevirt-manifests-0.49.0-150300.8.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-tests-0.49.0-150300.8.13.1.x86_64",
"product": {
"name": "kubevirt-tests-0.49.0-150300.8.13.1.x86_64",
"product_id": "kubevirt-tests-0.49.0-150300.8.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64",
"product": {
"name": "kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64",
"product_id": "kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64",
"product": {
"name": "kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64",
"product_id": "kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64",
"product": {
"name": "kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64",
"product_id": "kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64",
"product": {
"name": "kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64",
"product_id": "kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64",
"product": {
"name": "kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64",
"product_id": "kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
"product": {
"name": "kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
"product_id": "kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64",
"product": {
"name": "obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64",
"product_id": "obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-manifests-0.49.0-150300.8.13.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64"
},
"product_reference": "kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64"
},
"product_reference": "kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64"
},
"product_reference": "kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-manifests-0.49.0-150300.8.13.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64"
},
"product_reference": "kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-tests-0.49.0-150300.8.13.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64"
},
"product_reference": "kubevirt-tests-0.49.0-150300.8.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64"
},
"product_reference": "kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64"
},
"product_reference": "kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64"
},
"product_reference": "kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64"
},
"product_reference": "kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64"
},
"product_reference": "kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64"
},
"product_reference": "kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64"
},
"product_reference": "obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1798"
}
],
"notes": [
{
"category": "general",
"text": "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/\u003c\u003e is not accessible.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1798",
"url": "https://www.suse.com/security/cve/CVE-2022-1798"
},
{
"category": "external",
"summary": "SUSE Bug 1202516 for CVE-2022-1798",
"url": "https://bugzilla.suse.com/1202516"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-20T15:19:24Z",
"details": "important"
}
],
"title": "CVE-2022-1798"
},
{
"cve": "CVE-2022-1996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1996"
}
],
"notes": [
{
"category": "general",
"text": "Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1996",
"url": "https://www.suse.com/security/cve/CVE-2022-1996"
},
{
"category": "external",
"summary": "SUSE Bug 1200528 for CVE-2022-1996",
"url": "https://bugzilla.suse.com/1200528"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-20T15:19:24Z",
"details": "critical"
}
],
"title": "CVE-2022-1996"
},
{
"cve": "CVE-2022-29162",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-29162"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container\u0027s bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-29162",
"url": "https://www.suse.com/security/cve/CVE-2022-29162"
},
{
"category": "external",
"summary": "SUSE Bug 1199460 for CVE-2022-29162",
"url": "https://bugzilla.suse.com/1199460"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64",
"openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-20T15:19:24Z",
"details": "moderate"
}
],
"title": "CVE-2022-29162"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.