Action not permitted
Modal body text goes here.
CVE-2022-29046
Vulnerability from cvelistv5
Published
2022-04-12 19:50
Modified
2024-08-03 06:10
Severity ?
EPSS score ?
Summary
Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jenkinsci-cert@googlegroups.com | http://seclists.org/fulldisclosure/2022/Jul/18 | Mailing List, Third Party Advisory | |
| jenkinsci-cert@googlegroups.com | https://support.apple.com/kb/HT213345 | Third Party Advisory | |
| jenkinsci-cert@googlegroups.com | https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617 | Vendor Advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Jenkins project | Jenkins Subversion Plugin |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:10:58.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213345"
},
{
"name": "20220721 APPLE-SA-2022-07-20-2 macOS Monterey 12.5",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Subversion Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "2.15.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T14:21:30.891Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213345"
},
{
"name": "20220721 APPLE-SA-2022-07-20-2 macOS Monterey 12.5",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2022-29046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Subversion Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.15.3"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617",
"refsource": "CONFIRM",
"url": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617"
},
{
"name": "https://support.apple.com/kb/HT213345",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213345"
},
{
"name": "20220721 APPLE-SA-2022-07-20-2 macOS Monterey 12.5",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Jul/18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2022-29046",
"datePublished": "2022-04-12T19:50:44",
"dateReserved": "2022-04-11T00:00:00",
"dateUpdated": "2024-08-03T06:10:58.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-29046\",\"sourceIdentifier\":\"jenkinsci-cert@googlegroups.com\",\"published\":\"2022-04-12T20:15:09.567\",\"lastModified\":\"2023-11-02T22:00:06.127\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.\"},{\"lang\":\"es\",\"value\":\"El plugin Jenkins Subversion versiones 2.15.3 y anteriores, no escapan el nombre y la descripci\u00f3n de los par\u00e1metros de las etiquetas List Subversion (y m\u00e1s) en las visualizaciones que muestran par\u00e1metros, resultando en una vulnerabilidad de tipo cross-site scripting (XSS) almacenado explotable por atacantes con permiso de Item/Configure\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":3.5},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:subversion:*:*:*:*:*:jenkins:*:*\",\"versionEndIncluding\":\"2.15.3\",\"matchCriteriaId\":\"FFE39036-B5C9-4E00-BD27-0D090D4958E1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0\",\"versionEndExcluding\":\"12.5\",\"matchCriteriaId\":\"BFABC0C7-944C-4B46-A985-8B4F8BF93F54\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2022/Jul/18\",\"source\":\"jenkinsci-cert@googlegroups.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT213345\",\"source\":\"jenkinsci-cert@googlegroups.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617\",\"source\":\"jenkinsci-cert@googlegroups.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
rhsa-2022_4909
Vulnerability from csaf_redhat
Published
2022-06-10 05:02
Modified
2024-11-22 19:21
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.7.52 paackages and security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.7.52 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.52. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2022:4910
Security Fix(es):
* Pipeline Shared Groovy Libraries: Untrusted users can modify some
Pipeline libraries in Pipeline Shared Groovy Libraries Plugin
(CVE-2022-29047)
* subversion: Stored XSS vulnerabilities in Jenkins subversion plugin
(CVE-2022-29046)
* credentials: Stored XSS vulnerabilities in jenkins plugin
(CVE-2022-29036)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s)
listed in the References section.
All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.7.52 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.7.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.52. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2022:4910\n\nSecurity Fix(es):\n\n* Pipeline Shared Groovy Libraries: Untrusted users can modify some\nPipeline libraries in Pipeline Shared Groovy Libraries Plugin\n(CVE-2022-29047)\n* subversion: Stored XSS vulnerabilities in Jenkins subversion plugin\n(CVE-2022-29046)\n* credentials: Stored XSS vulnerabilities in jenkins plugin\n(CVE-2022-29036)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s)\nlisted in the References section.\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:4909",
"url": "https://access.redhat.com/errata/RHSA-2022:4909"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2074847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074847"
},
{
"category": "external",
"summary": "2074851",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074851"
},
{
"category": "external",
"summary": "2074855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074855"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4909.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.7.52 paackages and security update",
"tracking": {
"current_release_date": "2024-11-22T19:21:19+00:00",
"generator": {
"date": "2024-11-22T19:21:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:4909",
"initial_release_date": "2022-06-10T05:02:59+00:00",
"revision_history": [
{
"date": "2022-06-10T05:02:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-06-10T05:03:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T19:21:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.7",
"product": {
"name": "Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.7::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.7",
"product": {
"name": "Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.7::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.src",
"product": {
"name": "cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.src",
"product_id": "cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.20.7-4.rhaos4.7.gitb9df556.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.7.1652967082-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.7.1652967082-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.7.1652967082-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.7.1652967082-1.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el7.src",
"product": {
"name": "cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el7.src",
"product_id": "cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.20.7-4.rhaos4.7.gitb9df556.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64",
"product": {
"name": "cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64",
"product_id": "cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.20.7-4.rhaos4.7.gitb9df556.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64",
"product": {
"name": "cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64",
"product_id": "cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.20.7-4.rhaos4.7.gitb9df556.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64",
"product": {
"name": "cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64",
"product_id": "cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.7-4.rhaos4.7.gitb9df556.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el7.x86_64",
"product": {
"name": "cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el7.x86_64",
"product_id": "cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.20.7-4.rhaos4.7.gitb9df556.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el7.x86_64",
"product": {
"name": "cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el7.x86_64",
"product_id": "cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.7-4.rhaos4.7.gitb9df556.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le",
"product": {
"name": "cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le",
"product_id": "cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.20.7-4.rhaos4.7.gitb9df556.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le",
"product": {
"name": "cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le",
"product_id": "cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.20.7-4.rhaos4.7.gitb9df556.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le",
"product": {
"name": "cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le",
"product_id": "cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.7-4.rhaos4.7.gitb9df556.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x",
"product": {
"name": "cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x",
"product_id": "cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.20.7-4.rhaos4.7.gitb9df556.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x",
"product": {
"name": "cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x",
"product_id": "cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.20.7-4.rhaos4.7.gitb9df556.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x",
"product": {
"name": "cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x",
"product_id": "cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.7-4.rhaos4.7.gitb9df556.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.7.1652967082-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.7.1652967082-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.7.1652967082-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.7.1652967082-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el7.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el7.src"
},
"product_reference": "cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el7.x86_64"
},
"product_reference": "cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el7.x86_64"
},
"product_reference": "cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le"
},
"product_reference": "cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x"
},
"product_reference": "cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.src"
},
"product_reference": "cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64"
},
"product_reference": "cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le"
},
"product_reference": "cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x"
},
"product_reference": "cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64"
},
"product_reference": "cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le"
},
"product_reference": "cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x"
},
"product_reference": "cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64"
},
"product_reference": "cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.7.1652967082-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1652967082-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.7.1652967082-1.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.7.1652967082-1.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
"product_id": "8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1652967082-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.7.1652967082-1.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-29036",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-04-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el7.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2074847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins credentials plugin. The Jenkins credentials plugin does not escape the name and description of Credentials parameters on views displaying parameters. This issue results in a stored Cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "credentials: Stored XSS vulnerabilities in jenkins plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1652967082-1.el8.noarch",
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1652967082-1.el8.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el7.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29036"
},
{
"category": "external",
"summary": "RHBZ#2074847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29036",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29036"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29036",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29036"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-04-12/",
"url": "https://www.jenkins.io/security/advisory/2022-04-12/"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-06-10T05:02:59+00:00",
"details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1652967082-1.el8.noarch",
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1652967082-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4909"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1652967082-1.el8.noarch",
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1652967082-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "credentials: Stored XSS vulnerabilities in jenkins plugin"
},
{
"cve": "CVE-2022-29046",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-04-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el7.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2074851"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins Subversion plugin. The Jenkins subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored Cross-site scripting (XSS) vulnerability, exploitable by attackers with Item/Configure permission.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "subversion: Stored XSS vulnerabilities in Jenkins subversion plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1652967082-1.el8.noarch",
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1652967082-1.el8.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el7.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29046"
},
{
"category": "external",
"summary": "RHBZ#2074851",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074851"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29046",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29046"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29046",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29046"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-04-12/",
"url": "https://www.jenkins.io/security/advisory/2022-04-12/"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-06-10T05:02:59+00:00",
"details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1652967082-1.el8.noarch",
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1652967082-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4909"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1652967082-1.el8.noarch",
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1652967082-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "subversion: Stored XSS vulnerabilities in Jenkins subversion plugin"
},
{
"cve": "CVE-2022-29047",
"cwe": {
"id": "CWE-288",
"name": "Authentication Bypass Using an Alternate Path or Channel"
},
"discovery_date": "2022-04-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el7.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2074855"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins Pipeline: Shared Groovy Libraries plugin. The Jenkins Pipeline: Shared Groovy Libraries plugin allows attackers to submit pull requests. However, the attacker cannot commit directly to the configured Source Control Management (SCM) to effectively change the Pipeline behavior by changing the definition of a dynamically retrieved library in their pull request, even with the Pipeline configured not to trust them.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Libraries: Untrusted users can modify some Pipeline libraries in Pipeline Shared Groovy Libraries Plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1652967082-1.el8.noarch",
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1652967082-1.el8.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el7.src",
"7Server-RH7-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el7.x86_64",
"7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el7.x86_64",
"8Base-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x",
"8Base-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.src",
"8Base-RHOSE-4.7:cri-o-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.ppc64le",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.s390x",
"8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.7-4.rhaos4.7.gitb9df556.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29047"
},
{
"category": "external",
"summary": "RHBZ#2074855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074855"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29047"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-1951",
"url": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-1951"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-06-10T05:02:59+00:00",
"details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1652967082-1.el8.noarch",
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1652967082-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4909"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1652967082-1.el8.noarch",
"8Base-RHOSE-4.7:jenkins-2-plugins-0:4.7.1652967082-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Libraries: Untrusted users can modify some Pipeline libraries in Pipeline Shared Groovy Libraries Plugin"
}
]
}
rhsa-2022_0871
Vulnerability from csaf_redhat
Published
2022-03-22 17:31
Modified
2024-11-22 18:44
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.8.35 security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.8.35 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.35. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2022:0872
Security Fix(es):
* CRI-O: Arbitrary code execution in cri-o via abusing
“kernel.core_pattern” kernel parameter (CVE-2022-0811)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
All OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.8.35 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.8.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.35. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2022:0872\n\nSecurity Fix(es):\n\n* CRI-O: Arbitrary code execution in cri-o via abusing\n\u201ckernel.core_pattern\u201d kernel parameter (CVE-2022-0811)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nAll OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0871",
"url": "https://access.redhat.com/errata/RHSA-2022:0871"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2059475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2059475"
},
{
"category": "external",
"summary": "2064010",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064010"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0871.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.8.35 security update",
"tracking": {
"current_release_date": "2024-11-22T18:44:22+00:00",
"generator": {
"date": "2024-11-22T18:44:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:0871",
"initial_release_date": "2022-03-22T17:31:21+00:00",
"revision_history": [
{
"date": "2022-03-22T17:31:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-03-22T17:31:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T18:44:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.8",
"product": {
"name": "Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.8::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.8",
"product": {
"name": "Red Hat OpenShift Container Platform 4.8",
"product_id": "7Server-RH7-RHOSE-4.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.8::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"product": {
"name": "cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"product_id": "cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.21.5-3.rhaos4.8.gitaf64931.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.8.1646993358-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.8.1646993358-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.8.1646993358-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.8.1646993358-1.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"product": {
"name": "openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"product_id": "openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift@4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"product": {
"name": "openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"product_id": "openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift@4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"product": {
"name": "openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"product_id": "openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@4.8.0-202203100145.p0.gfccb320.assembly.stream.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"product": {
"name": "cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"product_id": "cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.21.5-3.rhaos4.8.gitaf64931.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"product": {
"name": "cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"product_id": "cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.21.5-3.rhaos4.8.gitaf64931.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"product": {
"name": "cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"product_id": "cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.21.5-3.rhaos4.8.gitaf64931.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"product": {
"name": "cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"product_id": "cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.21.5-3.rhaos4.8.gitaf64931.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64",
"product": {
"name": "openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64",
"product_id": "openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"product": {
"name": "openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"product_id": "openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"product": {
"name": "cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"product_id": "cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.21.5-3.rhaos4.8.gitaf64931.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"product": {
"name": "cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"product_id": "cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.21.5-3.rhaos4.8.gitaf64931.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"product": {
"name": "cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"product_id": "cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.21.5-3.rhaos4.8.gitaf64931.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"product": {
"name": "cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"product_id": "cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.21.5-3.rhaos4.8.gitaf64931.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"product": {
"name": "cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"product_id": "cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.21.5-3.rhaos4.8.gitaf64931.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"product": {
"name": "openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"product_id": "openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"product": {
"name": "cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"product_id": "cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.21.5-3.rhaos4.8.gitaf64931.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"product": {
"name": "cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"product_id": "cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.21.5-3.rhaos4.8.gitaf64931.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"product": {
"name": "cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"product_id": "cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.21.5-3.rhaos4.8.gitaf64931.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"product": {
"name": "openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"product_id": "openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.8.1646993358-1.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"product": {
"name": "openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"product_id": "openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@4.8.0-202203100145.p0.gfccb320.assembly.stream.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"product": {
"name": "openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"product_id": "openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-test@4.8.0-202203100145.p0.gfccb320.assembly.stream.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src"
},
"product_reference": "cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64"
},
"product_reference": "cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64"
},
"product_reference": "cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src"
},
"product_reference": "openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch"
},
"product_reference": "openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src"
},
"product_reference": "openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch"
},
"product_reference": "openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64"
},
"product_reference": "openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le"
},
"product_reference": "cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x"
},
"product_reference": "cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src"
},
"product_reference": "cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64"
},
"product_reference": "cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le"
},
"product_reference": "cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x"
},
"product_reference": "cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64"
},
"product_reference": "cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le"
},
"product_reference": "cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x"
},
"product_reference": "cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64"
},
"product_reference": "cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.8.1646993358-1.el8.src as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.8.1646993358-1.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src"
},
"product_reference": "openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le"
},
"product_reference": "openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x"
},
"product_reference": "openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.8",
"product_id": "8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
},
"product_reference": "openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.8"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"John Walker",
"Manoj Ahuje"
],
"organization": "Crowdstrike"
}
],
"cve": "CVE-2022-0811",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2022-03-01T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2059475"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CRI-O: Arbitrary code execution in cri-o via abusing \u201ckernel.core_pattern\u201d kernel parameter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) starting from version 4.6 is affected by this vulnerability, older versions of OCP are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0811"
},
{
"category": "external",
"summary": "RHBZ#2059475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2059475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0811",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0811"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0811",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0811"
},
{
"category": "external",
"summary": "https://github.com/cri-o/cri-o/security/advisories/GHSA-6x2m-w449-qwx7",
"url": "https://github.com/cri-o/cri-o/security/advisories/GHSA-6x2m-w449-qwx7"
}
],
"release_date": "2022-03-15T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-22T17:31:21+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0871"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CRI-O: Arbitrary code execution in cri-o via abusing \u201ckernel.core_pattern\u201d kernel parameter"
},
{
"cve": "CVE-2022-25173",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2022-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2055733"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. The Pipeline: Groovy Plugin uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "workflow-cps: OS command execution through crafted SCM contents",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25173"
},
{
"category": "external",
"summary": "RHBZ#2055733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055733"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25173",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25173"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25173",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25173"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-22T17:31:21+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0871"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "workflow-cps: OS command execution through crafted SCM contents"
},
{
"cve": "CVE-2022-25174",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2022-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2055734"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. The JenkinsPipeline: Shared Groovy Libraries uses the same checkout directories for distinct SCMs for Pipeline libraries. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. This allows attackers to compromise confidentiality, integrity, and availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "workflow-cps-global-lib: OS command execution through crafted SCM contents",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25174"
},
{
"category": "external",
"summary": "RHBZ#2055734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25174",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25174"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25174",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25174"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-22T17:31:21+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0871"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "workflow-cps-global-lib: OS command execution through crafted SCM contents"
},
{
"cve": "CVE-2022-25175",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2022-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2055719"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. The Pipeline: Multibranch uses the same checkout directories for distinct SCMs for the readTrusted step. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.This allows attackers to compromise confidentiality, integrity, and availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "workflow-multibranch: OS command execution through crafted SCM contents",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25175"
},
{
"category": "external",
"summary": "RHBZ#2055719",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055719"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25175"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-22T17:31:21+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0871"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "workflow-multibranch: OS command execution through crafted SCM contents"
},
{
"cve": "CVE-2022-25176",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2022-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2055787"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. The Pipeline: Groovy Plugin follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines. This flaw allows attackers who can configure Pipelines to read arbitrary files on the Jenkins controller file system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "workflow-cps: Pipeline-related plugins follow symbolic links or do not limit path names",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25176"
},
{
"category": "external",
"summary": "RHBZ#2055787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055787"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25176",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25176"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-22T17:31:21+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0871"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "workflow-cps: Pipeline-related plugins follow symbolic links or do not limit path names"
},
{
"cve": "CVE-2022-25177",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2022-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2055788"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step. This flaw allows attackers who can configure Pipelines to read arbitrary files on the Jenkins controller file system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25177"
},
{
"category": "external",
"summary": "RHBZ#2055788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055788"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25177",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25177"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25177",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25177"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-22T17:31:21+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0871"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names"
},
{
"cve": "CVE-2022-25178",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2022-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2055789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries does not restrict the names of resources passed to the libraryResource step. This flaw allows attackers who can configure Pipelines to read arbitrary files on the Jenkins controller file system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25178"
},
{
"category": "external",
"summary": "RHBZ#2055789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25178",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25178"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25178",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25178"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-22T17:31:21+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0871"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "workflow-cps-global-lib: Pipeline-related plugins follow symbolic links or do not limit path names"
},
{
"cve": "CVE-2022-25179",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2022-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2055792"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. The Pipeline: Multibranch follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step. This flaw allows attackers that can configure Pipelines, to read arbitrary files on the Jenkins controller file system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "workflow-multibranch: Pipeline-related plugins follow symbolic links or do not limit path names",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25179"
},
{
"category": "external",
"summary": "RHBZ#2055792",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055792"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25179",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25179"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25179",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25179"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-22T17:31:21+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0871"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "workflow-multibranch: Pipeline-related plugins follow symbolic links or do not limit path names"
},
{
"cve": "CVE-2022-25180",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"discovery_date": "2022-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2055795"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. The Pipeline: Groovy Plugin includes password parameters from the original build in replayed builds. This flaw allows attackers with run/replay permission to obtain the values of password parameters passed to previous builds of a Pipeline.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "workflow-cps: Password parameters are included from the original build in replayed builds",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25180"
},
{
"category": "external",
"summary": "RHBZ#2055795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055795"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25180",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25180"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-22T17:31:21+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0871"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "workflow-cps: Password parameters are included from the original build in replayed builds"
},
{
"cve": "CVE-2022-25181",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2022-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2055797"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the same workspace directory for all checkouts of Pipeline libraries with the same name, regardless of the SCM used and the source of the library configuration. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins controller, JVM, through crafted SCM contents if a global Pipeline library already exists.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "workflow-cps-global-lib: Sandbox bypass vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25181"
},
{
"category": "external",
"summary": "RHBZ#2055797",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055797"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25181",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25181"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-22T17:31:21+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0871"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "workflow-cps-global-lib: Sandbox bypass vulnerability"
},
{
"cve": "CVE-2022-25182",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2022-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2055798"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries Plugin uses the names of Pipeline libraries to create directories without canonicalization or sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins controller, JVM, using specially crafted library names if a global Pipeline library is already configured.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "workflow-cps-global-lib: Sandbox bypass vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25182"
},
{
"category": "external",
"summary": "RHBZ#2055798",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055798"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25182",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25182"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25182",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25182"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-22T17:31:21+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0871"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "workflow-cps-global-lib: Sandbox bypass vulnerability"
},
{
"cve": "CVE-2022-25183",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2022-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2055802"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries plugin uses the names of Pipeline libraries to create cache directories without any sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins controller JVM, using specially crafted library names if a global Pipeline library configured to use caching already exists.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "workflow-cps-global-lib: Sandbox bypass vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25183"
},
{
"category": "external",
"summary": "RHBZ#2055802",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055802"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25183",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25183"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-22T17:31:21+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0871"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "workflow-cps-global-lib: Sandbox bypass vulnerability"
},
{
"cve": "CVE-2022-25184",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"discovery_date": "2022-02-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2055804"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins pipeline-build-step where it revealed password parameter default values when generating a pipeline script using the Pipeline snippet generator. This flaw allows attackers with item/read permission to retrieve the default password parameter value from jobs and compromises confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pipeline-build-step: Password parameter default values exposed",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25184"
},
{
"category": "external",
"summary": "RHBZ#2055804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25184",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25184"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-22T17:31:21+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0871"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pipeline-build-step: Password parameter default values exposed"
},
{
"cve": "CVE-2022-29036",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-04-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2074847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins credentials plugin. The Jenkins credentials plugin does not escape the name and description of Credentials parameters on views displaying parameters. This issue results in a stored Cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "credentials: Stored XSS vulnerabilities in jenkins plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29036"
},
{
"category": "external",
"summary": "RHBZ#2074847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29036",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29036"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29036",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29036"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-04-12/",
"url": "https://www.jenkins.io/security/advisory/2022-04-12/"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-22T17:31:21+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0871"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "credentials: Stored XSS vulnerabilities in jenkins plugin"
},
{
"cve": "CVE-2022-29046",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-04-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2074851"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins Subversion plugin. The Jenkins subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored Cross-site scripting (XSS) vulnerability, exploitable by attackers with Item/Configure permission.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "subversion: Stored XSS vulnerabilities in Jenkins subversion plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.src",
"7Server-RH7-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el7.x86_64",
"7Server-RH7-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-ansible-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.8:openshift-ansible-test-0:4.8.0-202203100145.p0.gfccb320.assembly.stream.el7.noarch",
"7Server-RH7-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.src",
"8Base-RHOSE-4.8:cri-o-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debuginfo-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.ppc64le",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.s390x",
"8Base-RHOSE-4.8:cri-o-debugsource-0:1.21.5-3.rhaos4.8.gitaf64931.el8.x86_64",
"8Base-RHOSE-4.8:openshift-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.src",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.s390x",
"8Base-RHOSE-4.8:openshift-hyperkube-0:4.8.0-202203100757.p0.gee73ea2.assembly.stream.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29046"
},
{
"category": "external",
"summary": "RHBZ#2074851",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074851"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29046",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29046"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29046",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29046"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-04-12/",
"url": "https://www.jenkins.io/security/advisory/2022-04-12/"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-22T17:31:21+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0871"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.noarch",
"8Base-RHOSE-4.8:jenkins-2-plugins-0:4.8.1646993358-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "subversion: Stored XSS vulnerabilities in Jenkins subversion plugin"
}
]
}
rhsa-2022_2280
Vulnerability from csaf_redhat
Published
2022-05-31 05:45
Modified
2024-11-24 20:37
Summary
Red Hat Security Advisory: OpenShift Container Platform 3.11.705 security update
Notes
Topic
Red Hat OpenShift Container Platform release 3.11.705 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container
Platform 3.11.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.705. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHSA-2022:2281
Security Fix(es):
* credentials: Stored XSS vulnerabilities in jenkins plugin
(CVE-2022-29036)
* subversion: Stored XSS vulnerabilities in Jenkins subversion plugin
(CVE-2022-29046)
* prometheus/client_golang: Denial of service using
InstrumentHandlerCounter (CVE-2022-21698)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s)listed in the References section.
All OpenShift Container Platform 3.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/3.11/updating/updating-cluster-cli.html
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 3.11.705 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container\nPlatform 3.11.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.705. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHSA-2022:2281\n\nSecurity Fix(es):\n\n* credentials: Stored XSS vulnerabilities in jenkins plugin\n(CVE-2022-29036)\n* subversion: Stored XSS vulnerabilities in Jenkins subversion plugin\n(CVE-2022-29046)\n* prometheus/client_golang: Denial of service using\nInstrumentHandlerCounter (CVE-2022-21698)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s)listed in the References section.\n\nAll OpenShift Container Platform 3.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/3.11/updating/updating-cluster-cli.html",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:2280",
"url": "https://access.redhat.com/errata/RHSA-2022:2280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2045880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
},
{
"category": "external",
"summary": "2071682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071682"
},
{
"category": "external",
"summary": "2074847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074847"
},
{
"category": "external",
"summary": "2074851",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074851"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_2280.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 3.11.705 security update",
"tracking": {
"current_release_date": "2024-11-24T20:37:50+00:00",
"generator": {
"date": "2024-11-24T20:37:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:2280",
"initial_release_date": "2022-05-31T05:45:09+00:00",
"revision_history": [
{
"date": "2022-05-31T05:45:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-05-31T05:45:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-24T20:37:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 3.11",
"product": {
"name": "Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:3.11::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.src",
"product": {
"name": "atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.src",
"product_id": "atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.705-1.g2e6be86.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.src",
"product": {
"name": "atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.src",
"product_id": "atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.11.705-1.git.0.7a17a5d.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.src",
"product": {
"name": "atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.src",
"product_id": "atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.705-1.g99b2acf.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.src",
"product": {
"name": "atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.src",
"product_id": "atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.705-1.gd435537.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-dockerregistry-0:3.11.705-1.g0fa231c.el7.src",
"product": {
"name": "atomic-openshift-dockerregistry-0:3.11.705-1.g0fa231c.el7.src",
"product_id": "atomic-openshift-dockerregistry-0:3.11.705-1.g0fa231c.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.705-1.g0fa231c.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.src",
"product": {
"name": "atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.src",
"product_id": "atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.705-1.gf8bf728.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.src",
"product": {
"name": "atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.src",
"product_id": "atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.705-1.gc8f26da.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.src",
"product": {
"name": "atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.src",
"product_id": "atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.705-1.g39cfc66.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.src",
"product": {
"name": "atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.src",
"product_id": "atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.11.705-1.ge59c860.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.src",
"product": {
"name": "golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.src",
"product_id": "golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.705-1.gedebe84.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-alertmanager-0:3.11.705-1.g13de638.el7.src",
"product": {
"name": "golang-github-prometheus-alertmanager-0:3.11.705-1.g13de638.el7.src",
"product_id": "golang-github-prometheus-alertmanager-0:3.11.705-1.g13de638.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.705-1.g13de638.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-0:3.11.705-1.g609cd20.el7.src",
"product": {
"name": "golang-github-prometheus-node_exporter-0:3.11.705-1.g609cd20.el7.src",
"product_id": "golang-github-prometheus-node_exporter-0:3.11.705-1.g609cd20.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.705-1.g609cd20.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-0:3.11.705-1.g99aae51.el7.src",
"product": {
"name": "golang-github-prometheus-prometheus-0:3.11.705-1.g99aae51.el7.src",
"product_id": "golang-github-prometheus-prometheus-0:3.11.705-1.g99aae51.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.705-1.g99aae51.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:3.11.1650628887-1.el7.src",
"product": {
"name": "jenkins-2-plugins-0:3.11.1650628887-1.el7.src",
"product_id": "jenkins-2-plugins-0:3.11.1650628887-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@3.11.1650628887-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:3.11.705-1.git.0.ad19a48.el7.src",
"product": {
"name": "openshift-ansible-0:3.11.705-1.git.0.ad19a48.el7.src",
"product_id": "openshift-ansible-0:3.11.705-1.git.0.ad19a48.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@3.11.705-1.git.0.ad19a48.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.src",
"product": {
"name": "openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.src",
"product_id": "openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.705-1.gf2f435d.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.src",
"product": {
"name": "openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.src",
"product_id": "openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.705-1.g22be164.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-0:3.11.705-1.g0c4bf66.el7.src",
"product": {
"name": "openshift-kuryr-0:3.11.705-1.g0c4bf66.el7.src",
"product_id": "openshift-kuryr-0:3.11.705-1.g0c4bf66.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr@3.11.705-1.g0c4bf66.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.x86_64",
"product": {
"name": "atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.x86_64",
"product_id": "atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.705-1.g2e6be86.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "atomic-enterprise-service-catalog-svcat-1:3.11.705-1.g2e6be86.el7.x86_64",
"product": {
"name": "atomic-enterprise-service-catalog-svcat-1:3.11.705-1.g2e6be86.el7.x86_64",
"product_id": "atomic-enterprise-service-catalog-svcat-1:3.11.705-1.g2e6be86.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog-svcat@3.11.705-1.g2e6be86.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product": {
"name": "atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product_id": "atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.11.705-1.git.0.7a17a5d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product_id": "atomic-openshift-clients-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.11.705-1.git.0.7a17a5d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-redistributable-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product": {
"name": "atomic-openshift-clients-redistributable-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product_id": "atomic-openshift-clients-redistributable-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.11.705-1.git.0.7a17a5d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-hyperkube-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product": {
"name": "atomic-openshift-hyperkube-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product_id": "atomic-openshift-hyperkube-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-hyperkube@3.11.705-1.git.0.7a17a5d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-hypershift-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product": {
"name": "atomic-openshift-hypershift-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product_id": "atomic-openshift-hypershift-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-hypershift@3.11.705-1.git.0.7a17a5d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product": {
"name": "atomic-openshift-master-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product_id": "atomic-openshift-master-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.11.705-1.git.0.7a17a5d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product": {
"name": "atomic-openshift-node-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product_id": "atomic-openshift-node-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.11.705-1.git.0.7a17a5d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product": {
"name": "atomic-openshift-pod-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product_id": "atomic-openshift-pod-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.11.705-1.git.0.7a17a5d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product_id": "atomic-openshift-sdn-ovs-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.11.705-1.git.0.7a17a5d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-template-service-broker-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product": {
"name": "atomic-openshift-template-service-broker-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product_id": "atomic-openshift-template-service-broker-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.11.705-1.git.0.7a17a5d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-tests-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product": {
"name": "atomic-openshift-tests-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product_id": "atomic-openshift-tests-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-tests@3.11.705-1.git.0.7a17a5d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.x86_64",
"product": {
"name": "atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.x86_64",
"product_id": "atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.705-1.g99b2acf.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.x86_64",
"product": {
"name": "atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.x86_64",
"product_id": "atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.705-1.gd435537.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-dockerregistry-0:3.11.705-1.g0fa231c.el7.x86_64",
"product": {
"name": "atomic-openshift-dockerregistry-0:3.11.705-1.g0fa231c.el7.x86_64",
"product_id": "atomic-openshift-dockerregistry-0:3.11.705-1.g0fa231c.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.705-1.g0fa231c.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.x86_64",
"product": {
"name": "atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.x86_64",
"product_id": "atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.705-1.gf8bf728.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.x86_64",
"product": {
"name": "atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.x86_64",
"product_id": "atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.705-1.gc8f26da.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.x86_64",
"product": {
"name": "atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.x86_64",
"product_id": "atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.705-1.g39cfc66.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.x86_64",
"product": {
"name": "atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.x86_64",
"product_id": "atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.11.705-1.ge59c860.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.x86_64",
"product": {
"name": "golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.x86_64",
"product_id": "golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.705-1.gedebe84.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "prometheus-alertmanager-0:3.11.705-1.g13de638.el7.x86_64",
"product": {
"name": "prometheus-alertmanager-0:3.11.705-1.g13de638.el7.x86_64",
"product_id": "prometheus-alertmanager-0:3.11.705-1.g13de638.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/prometheus-alertmanager@3.11.705-1.g13de638.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "prometheus-node-exporter-0:3.11.705-1.g609cd20.el7.x86_64",
"product": {
"name": "prometheus-node-exporter-0:3.11.705-1.g609cd20.el7.x86_64",
"product_id": "prometheus-node-exporter-0:3.11.705-1.g609cd20.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/prometheus-node-exporter@3.11.705-1.g609cd20.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "prometheus-0:3.11.705-1.g99aae51.el7.x86_64",
"product": {
"name": "prometheus-0:3.11.705-1.g99aae51.el7.x86_64",
"product_id": "prometheus-0:3.11.705-1.g99aae51.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/prometheus@3.11.705-1.g99aae51.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.x86_64",
"product": {
"name": "openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.x86_64",
"product_id": "openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.705-1.gf2f435d.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.x86_64",
"product": {
"name": "openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.x86_64",
"product_id": "openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.705-1.g22be164.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.ppc64le",
"product": {
"name": "atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.ppc64le",
"product_id": "atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.705-1.g2e6be86.el7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "atomic-enterprise-service-catalog-svcat-1:3.11.705-1.g2e6be86.el7.ppc64le",
"product": {
"name": "atomic-enterprise-service-catalog-svcat-1:3.11.705-1.g2e6be86.el7.ppc64le",
"product_id": "atomic-enterprise-service-catalog-svcat-1:3.11.705-1.g2e6be86.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog-svcat@3.11.705-1.g2e6be86.el7?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"product": {
"name": "atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"product_id": "atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift@3.11.705-1.git.0.7a17a5d.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-clients-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"product": {
"name": "atomic-openshift-clients-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"product_id": "atomic-openshift-clients-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-clients@3.11.705-1.git.0.7a17a5d.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-hyperkube-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"product": {
"name": "atomic-openshift-hyperkube-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"product_id": "atomic-openshift-hyperkube-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-hyperkube@3.11.705-1.git.0.7a17a5d.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-hypershift-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"product": {
"name": "atomic-openshift-hypershift-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"product_id": "atomic-openshift-hypershift-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-hypershift@3.11.705-1.git.0.7a17a5d.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-master-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"product": {
"name": "atomic-openshift-master-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"product_id": "atomic-openshift-master-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-master@3.11.705-1.git.0.7a17a5d.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"product": {
"name": "atomic-openshift-node-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"product_id": "atomic-openshift-node-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node@3.11.705-1.git.0.7a17a5d.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-pod-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"product": {
"name": "atomic-openshift-pod-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"product_id": "atomic-openshift-pod-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-pod@3.11.705-1.git.0.7a17a5d.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-sdn-ovs-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"product": {
"name": "atomic-openshift-sdn-ovs-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"product_id": "atomic-openshift-sdn-ovs-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.11.705-1.git.0.7a17a5d.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-template-service-broker-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"product": {
"name": "atomic-openshift-template-service-broker-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"product_id": "atomic-openshift-template-service-broker-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.11.705-1.git.0.7a17a5d.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-tests-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"product": {
"name": "atomic-openshift-tests-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"product_id": "atomic-openshift-tests-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-tests@3.11.705-1.git.0.7a17a5d.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.ppc64le",
"product": {
"name": "atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.ppc64le",
"product_id": "atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.705-1.g99b2acf.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.ppc64le",
"product": {
"name": "atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.ppc64le",
"product_id": "atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.705-1.gd435537.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.ppc64le",
"product": {
"name": "atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.ppc64le",
"product_id": "atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.705-1.gf8bf728.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.ppc64le",
"product": {
"name": "atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.ppc64le",
"product_id": "atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.705-1.gc8f26da.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.ppc64le",
"product": {
"name": "atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.ppc64le",
"product_id": "atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.705-1.g39cfc66.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.ppc64le",
"product": {
"name": "atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.ppc64le",
"product_id": "atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.11.705-1.ge59c860.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.ppc64le",
"product": {
"name": "golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.ppc64le",
"product_id": "golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.705-1.gedebe84.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "prometheus-alertmanager-0:3.11.705-1.g13de638.el7.ppc64le",
"product": {
"name": "prometheus-alertmanager-0:3.11.705-1.g13de638.el7.ppc64le",
"product_id": "prometheus-alertmanager-0:3.11.705-1.g13de638.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/prometheus-alertmanager@3.11.705-1.g13de638.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "prometheus-node-exporter-0:3.11.705-1.g609cd20.el7.ppc64le",
"product": {
"name": "prometheus-node-exporter-0:3.11.705-1.g609cd20.el7.ppc64le",
"product_id": "prometheus-node-exporter-0:3.11.705-1.g609cd20.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/prometheus-node-exporter@3.11.705-1.g609cd20.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "prometheus-0:3.11.705-1.g99aae51.el7.ppc64le",
"product": {
"name": "prometheus-0:3.11.705-1.g99aae51.el7.ppc64le",
"product_id": "prometheus-0:3.11.705-1.g99aae51.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/prometheus@3.11.705-1.g99aae51.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.ppc64le",
"product": {
"name": "openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.ppc64le",
"product_id": "openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.705-1.gf2f435d.el7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.ppc64le",
"product": {
"name": "openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.ppc64le",
"product_id": "openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.705-1.g22be164.el7?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "atomic-openshift-docker-excluder-0:3.11.705-1.git.0.7a17a5d.el7.noarch",
"product": {
"name": "atomic-openshift-docker-excluder-0:3.11.705-1.git.0.7a17a5d.el7.noarch",
"product_id": "atomic-openshift-docker-excluder-0:3.11.705-1.git.0.7a17a5d.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.11.705-1.git.0.7a17a5d.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "atomic-openshift-excluder-0:3.11.705-1.git.0.7a17a5d.el7.noarch",
"product": {
"name": "atomic-openshift-excluder-0:3.11.705-1.git.0.7a17a5d.el7.noarch",
"product_id": "atomic-openshift-excluder-0:3.11.705-1.git.0.7a17a5d.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.11.705-1.git.0.7a17a5d.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:3.11.1650628887-1.el7.noarch",
"product": {
"name": "jenkins-2-plugins-0:3.11.1650628887-1.el7.noarch",
"product_id": "jenkins-2-plugins-0:3.11.1650628887-1.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@3.11.1650628887-1.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"product": {
"name": "openshift-ansible-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"product_id": "openshift-ansible-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible@3.11.705-1.git.0.ad19a48.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-docs-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"product": {
"name": "openshift-ansible-docs-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"product_id": "openshift-ansible-docs-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-docs@3.11.705-1.git.0.ad19a48.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-playbooks-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"product": {
"name": "openshift-ansible-playbooks-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"product_id": "openshift-ansible-playbooks-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.11.705-1.git.0.ad19a48.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-roles-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"product": {
"name": "openshift-ansible-roles-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"product_id": "openshift-ansible-roles-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-roles@3.11.705-1.git.0.ad19a48.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-ansible-test-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"product": {
"name": "openshift-ansible-test-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"product_id": "openshift-ansible-test-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-ansible-test@3.11.705-1.git.0.ad19a48.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-cni-0:3.11.705-1.g0c4bf66.el7.noarch",
"product": {
"name": "openshift-kuryr-cni-0:3.11.705-1.g0c4bf66.el7.noarch",
"product_id": "openshift-kuryr-cni-0:3.11.705-1.g0c4bf66.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr-cni@3.11.705-1.g0c4bf66.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-common-0:3.11.705-1.g0c4bf66.el7.noarch",
"product": {
"name": "openshift-kuryr-common-0:3.11.705-1.g0c4bf66.el7.noarch",
"product_id": "openshift-kuryr-common-0:3.11.705-1.g0c4bf66.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr-common@3.11.705-1.g0c4bf66.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-kuryr-controller-0:3.11.705-1.g0c4bf66.el7.noarch",
"product": {
"name": "openshift-kuryr-controller-0:3.11.705-1.g0c4bf66.el7.noarch",
"product_id": "openshift-kuryr-controller-0:3.11.705-1.g0c4bf66.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-kuryr-controller@3.11.705-1.g0c4bf66.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python2-kuryr-kubernetes-0:3.11.705-1.g0c4bf66.el7.noarch",
"product": {
"name": "python2-kuryr-kubernetes-0:3.11.705-1.g0c4bf66.el7.noarch",
"product_id": "python2-kuryr-kubernetes-0:3.11.705-1.g0c4bf66.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-kuryr-kubernetes@3.11.705-1.g0c4bf66.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.ppc64le"
},
"product_reference": "atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.src"
},
"product_reference": "atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.x86_64"
},
"product_reference": "atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-enterprise-service-catalog-svcat-1:3.11.705-1.g2e6be86.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.705-1.g2e6be86.el7.ppc64le"
},
"product_reference": "atomic-enterprise-service-catalog-svcat-1:3.11.705-1.g2e6be86.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-enterprise-service-catalog-svcat-1:3.11.705-1.g2e6be86.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.705-1.g2e6be86.el7.x86_64"
},
"product_reference": "atomic-enterprise-service-catalog-svcat-1:3.11.705-1.g2e6be86.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le"
},
"product_reference": "atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.src"
},
"product_reference": "atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.x86_64"
},
"product_reference": "atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le"
},
"product_reference": "atomic-openshift-clients-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-0:3.11.705-1.git.0.7a17a5d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.705-1.git.0.7a17a5d.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-clients-redistributable-0:3.11.705-1.git.0.7a17a5d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.705-1.git.0.7a17a5d.el7.x86_64"
},
"product_reference": "atomic-openshift-clients-redistributable-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.ppc64le"
},
"product_reference": "atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.src"
},
"product_reference": "atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.x86_64"
},
"product_reference": "atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.ppc64le"
},
"product_reference": "atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.src"
},
"product_reference": "atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.x86_64"
},
"product_reference": "atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-docker-excluder-0:3.11.705-1.git.0.7a17a5d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.705-1.git.0.7a17a5d.el7.noarch"
},
"product_reference": "atomic-openshift-docker-excluder-0:3.11.705-1.git.0.7a17a5d.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-dockerregistry-0:3.11.705-1.g0fa231c.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.705-1.g0fa231c.el7.src"
},
"product_reference": "atomic-openshift-dockerregistry-0:3.11.705-1.g0fa231c.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-dockerregistry-0:3.11.705-1.g0fa231c.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.705-1.g0fa231c.el7.x86_64"
},
"product_reference": "atomic-openshift-dockerregistry-0:3.11.705-1.g0fa231c.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-excluder-0:3.11.705-1.git.0.7a17a5d.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.705-1.git.0.7a17a5d.el7.noarch"
},
"product_reference": "atomic-openshift-excluder-0:3.11.705-1.git.0.7a17a5d.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-hyperkube-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le"
},
"product_reference": "atomic-openshift-hyperkube-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-hyperkube-0:3.11.705-1.git.0.7a17a5d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.705-1.git.0.7a17a5d.el7.x86_64"
},
"product_reference": "atomic-openshift-hyperkube-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-hypershift-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le"
},
"product_reference": "atomic-openshift-hypershift-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-hypershift-0:3.11.705-1.git.0.7a17a5d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.705-1.git.0.7a17a5d.el7.x86_64"
},
"product_reference": "atomic-openshift-hypershift-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le"
},
"product_reference": "atomic-openshift-master-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-master-0:3.11.705-1.git.0.7a17a5d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.705-1.git.0.7a17a5d.el7.x86_64"
},
"product_reference": "atomic-openshift-master-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.ppc64le"
},
"product_reference": "atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.src"
},
"product_reference": "atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.x86_64"
},
"product_reference": "atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le"
},
"product_reference": "atomic-openshift-node-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-0:3.11.705-1.git.0.7a17a5d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.705-1.git.0.7a17a5d.el7.x86_64"
},
"product_reference": "atomic-openshift-node-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.ppc64le"
},
"product_reference": "atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.src"
},
"product_reference": "atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.x86_64"
},
"product_reference": "atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le"
},
"product_reference": "atomic-openshift-pod-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-pod-0:3.11.705-1.git.0.7a17a5d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.705-1.git.0.7a17a5d.el7.x86_64"
},
"product_reference": "atomic-openshift-pod-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-sdn-ovs-0:3.11.705-1.git.0.7a17a5d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.705-1.git.0.7a17a5d.el7.x86_64"
},
"product_reference": "atomic-openshift-sdn-ovs-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.ppc64le"
},
"product_reference": "atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.src"
},
"product_reference": "atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.x86_64"
},
"product_reference": "atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-template-service-broker-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le"
},
"product_reference": "atomic-openshift-template-service-broker-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-template-service-broker-0:3.11.705-1.git.0.7a17a5d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.705-1.git.0.7a17a5d.el7.x86_64"
},
"product_reference": "atomic-openshift-template-service-broker-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-tests-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le"
},
"product_reference": "atomic-openshift-tests-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-tests-0:3.11.705-1.git.0.7a17a5d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.705-1.git.0.7a17a5d.el7.x86_64"
},
"product_reference": "atomic-openshift-tests-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.ppc64le"
},
"product_reference": "atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.src"
},
"product_reference": "atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.x86_64"
},
"product_reference": "atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.ppc64le"
},
"product_reference": "golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.src"
},
"product_reference": "golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.x86_64"
},
"product_reference": "golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0:3.11.705-1.g13de638.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.705-1.g13de638.el7.src"
},
"product_reference": "golang-github-prometheus-alertmanager-0:3.11.705-1.g13de638.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-0:3.11.705-1.g609cd20.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.705-1.g609cd20.el7.src"
},
"product_reference": "golang-github-prometheus-node_exporter-0:3.11.705-1.g609cd20.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-0:3.11.705-1.g99aae51.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.705-1.g99aae51.el7.src"
},
"product_reference": "golang-github-prometheus-prometheus-0:3.11.705-1.g99aae51.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:3.11.1650628887-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650628887-1.el7.noarch"
},
"product_reference": "jenkins-2-plugins-0:3.11.1650628887-1.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:3.11.1650628887-1.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650628887-1.el7.src"
},
"product_reference": "jenkins-2-plugins-0:3.11.1650628887-1.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:3.11.705-1.git.0.ad19a48.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.705-1.git.0.ad19a48.el7.noarch"
},
"product_reference": "openshift-ansible-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-0:3.11.705-1.git.0.ad19a48.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.705-1.git.0.ad19a48.el7.src"
},
"product_reference": "openshift-ansible-0:3.11.705-1.git.0.ad19a48.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-docs-0:3.11.705-1.git.0.ad19a48.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.705-1.git.0.ad19a48.el7.noarch"
},
"product_reference": "openshift-ansible-docs-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-playbooks-0:3.11.705-1.git.0.ad19a48.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.705-1.git.0.ad19a48.el7.noarch"
},
"product_reference": "openshift-ansible-playbooks-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-roles-0:3.11.705-1.git.0.ad19a48.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.705-1.git.0.ad19a48.el7.noarch"
},
"product_reference": "openshift-ansible-roles-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-ansible-test-0:3.11.705-1.git.0.ad19a48.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.705-1.git.0.ad19a48.el7.noarch"
},
"product_reference": "openshift-ansible-test-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.ppc64le"
},
"product_reference": "openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.src"
},
"product_reference": "openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.x86_64"
},
"product_reference": "openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.ppc64le"
},
"product_reference": "openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.src"
},
"product_reference": "openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.x86_64"
},
"product_reference": "openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-0:3.11.705-1.g0c4bf66.el7.src as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.705-1.g0c4bf66.el7.src"
},
"product_reference": "openshift-kuryr-0:3.11.705-1.g0c4bf66.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-cni-0:3.11.705-1.g0c4bf66.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.705-1.g0c4bf66.el7.noarch"
},
"product_reference": "openshift-kuryr-cni-0:3.11.705-1.g0c4bf66.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-common-0:3.11.705-1.g0c4bf66.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.705-1.g0c4bf66.el7.noarch"
},
"product_reference": "openshift-kuryr-common-0:3.11.705-1.g0c4bf66.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-kuryr-controller-0:3.11.705-1.g0c4bf66.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.705-1.g0c4bf66.el7.noarch"
},
"product_reference": "openshift-kuryr-controller-0:3.11.705-1.g0c4bf66.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-0:3.11.705-1.g99aae51.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.705-1.g99aae51.el7.ppc64le"
},
"product_reference": "prometheus-0:3.11.705-1.g99aae51.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-0:3.11.705-1.g99aae51.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.705-1.g99aae51.el7.x86_64"
},
"product_reference": "prometheus-0:3.11.705-1.g99aae51.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-alertmanager-0:3.11.705-1.g13de638.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.705-1.g13de638.el7.ppc64le"
},
"product_reference": "prometheus-alertmanager-0:3.11.705-1.g13de638.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-alertmanager-0:3.11.705-1.g13de638.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.705-1.g13de638.el7.x86_64"
},
"product_reference": "prometheus-alertmanager-0:3.11.705-1.g13de638.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-node-exporter-0:3.11.705-1.g609cd20.el7.ppc64le as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.705-1.g609cd20.el7.ppc64le"
},
"product_reference": "prometheus-node-exporter-0:3.11.705-1.g609cd20.el7.ppc64le",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-node-exporter-0:3.11.705-1.g609cd20.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.705-1.g609cd20.el7.x86_64"
},
"product_reference": "prometheus-node-exporter-0:3.11.705-1.g609cd20.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-kuryr-kubernetes-0:3.11.705-1.g0c4bf66.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11",
"product_id": "7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.705-1.g0c4bf66.el7.noarch"
},
"product_reference": "python2-kuryr-kubernetes-0:3.11.705-1.g0c4bf66.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-3.11"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-21698",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2022-01-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.705-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.705-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.705-1.git.0.7a17a5d.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.705-1.git.0.7a17a5d.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.705-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.705-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.705-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650628887-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650628887-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.705-1.git.0.ad19a48.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.705-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.705-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.705-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.705-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.705-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.705-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.705-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.705-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.705-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.705-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.705-1.g0c4bf66.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2045880"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream\u0027s (the Prometheus project) impact rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.705-1.g0fa231c.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.705-1.g0fa231c.el7.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.705-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.705-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.705-1.git.0.7a17a5d.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.705-1.git.0.7a17a5d.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.705-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.705-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.705-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650628887-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650628887-1.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.705-1.git.0.ad19a48.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.705-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.705-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.705-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.705-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.705-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.705-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.705-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.705-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.705-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.705-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.705-1.g0c4bf66.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21698"
},
{
"category": "external",
"summary": "RHBZ#2045880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698"
},
{
"category": "external",
"summary": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p",
"url": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-31T05:45:09+00:00",
"details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nFor OpenShift Container Platform 3.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/3.11/upgrading/index.html",
"product_ids": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.705-1.g0fa231c.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.705-1.g0fa231c.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:2280"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.705-1.g0fa231c.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.705-1.g0fa231c.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter"
},
{
"cve": "CVE-2022-29036",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-04-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.705-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.705-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.705-1.git.0.7a17a5d.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.705-1.g0fa231c.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.705-1.g0fa231c.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.705-1.git.0.7a17a5d.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.705-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.705-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.705-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.705-1.git.0.ad19a48.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.705-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.705-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.705-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.705-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.705-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.705-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.705-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.705-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.705-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.705-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.705-1.g0c4bf66.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2074847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins credentials plugin. The Jenkins credentials plugin does not escape the name and description of Credentials parameters on views displaying parameters. This issue results in a stored Cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "credentials: Stored XSS vulnerabilities in jenkins plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650628887-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650628887-1.el7.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.705-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.705-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.705-1.git.0.7a17a5d.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.705-1.g0fa231c.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.705-1.g0fa231c.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.705-1.git.0.7a17a5d.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.705-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.705-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.705-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.705-1.git.0.ad19a48.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.705-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.705-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.705-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.705-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.705-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.705-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.705-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.705-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.705-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.705-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.705-1.g0c4bf66.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29036"
},
{
"category": "external",
"summary": "RHBZ#2074847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29036",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29036"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29036",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29036"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-04-12/",
"url": "https://www.jenkins.io/security/advisory/2022-04-12/"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-31T05:45:09+00:00",
"details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nFor OpenShift Container Platform 3.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/3.11/upgrading/index.html",
"product_ids": [
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650628887-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650628887-1.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:2280"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650628887-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650628887-1.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "credentials: Stored XSS vulnerabilities in jenkins plugin"
},
{
"cve": "CVE-2022-29046",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-04-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.705-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.705-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.705-1.git.0.7a17a5d.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.705-1.g0fa231c.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.705-1.g0fa231c.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.705-1.git.0.7a17a5d.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.705-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.705-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.705-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.705-1.git.0.ad19a48.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.705-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.705-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.705-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.705-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.705-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.705-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.705-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.705-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.705-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.705-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.705-1.g0c4bf66.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2074851"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins Subversion plugin. The Jenkins subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored Cross-site scripting (XSS) vulnerability, exploitable by attackers with Item/Configure permission.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "subversion: Stored XSS vulnerabilities in Jenkins subversion plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650628887-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650628887-1.el7.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.705-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.705-1.g2e6be86.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.705-1.g2e6be86.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.705-1.g99b2acf.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.705-1.gd435537.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.705-1.git.0.7a17a5d.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.705-1.g0fa231c.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.705-1.g0fa231c.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.705-1.git.0.7a17a5d.el7.noarch",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.705-1.gf8bf728.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.705-1.gc8f26da.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.705-1.g39cfc66.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.705-1.git.0.7a17a5d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.705-1.git.0.7a17a5d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.src",
"7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.705-1.ge59c860.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.705-1.gedebe84.el7.x86_64",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.705-1.g13de638.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.705-1.g609cd20.el7.src",
"7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.705-1.g99aae51.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.705-1.git.0.ad19a48.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-ansible-test-0:3.11.705-1.git.0.ad19a48.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.705-1.gf2f435d.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.705-1.g22be164.el7.x86_64",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-0:3.11.705-1.g0c4bf66.el7.src",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-cni-0:3.11.705-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-common-0:3.11.705-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:openshift-kuryr-controller-0:3.11.705-1.g0c4bf66.el7.noarch",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.705-1.g99aae51.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-0:3.11.705-1.g99aae51.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.705-1.g13de638.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.705-1.g13de638.el7.x86_64",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.705-1.g609cd20.el7.ppc64le",
"7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.705-1.g609cd20.el7.x86_64",
"7Server-RH7-RHOSE-3.11:python2-kuryr-kubernetes-0:3.11.705-1.g0c4bf66.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29046"
},
{
"category": "external",
"summary": "RHBZ#2074851",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074851"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29046",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29046"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29046",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29046"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-04-12/",
"url": "https://www.jenkins.io/security/advisory/2022-04-12/"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-31T05:45:09+00:00",
"details": "Before applying this update, ensure all previously released errata relevant\nto your system is applied.\n\nFor OpenShift Container Platform 3.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/3.11/upgrading/index.html",
"product_ids": [
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650628887-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650628887-1.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:2280"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650628887-1.el7.noarch",
"7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1650628887-1.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "subversion: Stored XSS vulnerabilities in Jenkins subversion plugin"
}
]
}
rhsa-2022_4947
Vulnerability from csaf_redhat
Published
2022-06-17 05:40
Modified
2024-11-22 18:44
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.6.59 security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.6.59 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.6.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.59. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2022:4948
Security Fix(es):
* credentials: Stored XSS vulnerabilities in jenkins plugin
(CVE-2022-29036)
* subversion: Stored XSS vulnerabilities in Jenkins subversion plugin
(CVE-2022-29046)
* cri-o: memory exhaustion on the node when access to the kube api
(CVE-2022-1708)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.6.59 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.6.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.59. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2022:4948\n\nSecurity Fix(es):\n\n* credentials: Stored XSS vulnerabilities in jenkins plugin\n(CVE-2022-29036)\n* subversion: Stored XSS vulnerabilities in Jenkins subversion plugin\n(CVE-2022-29046)\n* cri-o: memory exhaustion on the node when access to the kube api\n(CVE-2022-1708)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:4947",
"url": "https://access.redhat.com/errata/RHSA-2022:4947"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2074847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074847"
},
{
"category": "external",
"summary": "2074851",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074851"
},
{
"category": "external",
"summary": "2085361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085361"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4947.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.6.59 security update",
"tracking": {
"current_release_date": "2024-11-22T18:44:26+00:00",
"generator": {
"date": "2024-11-22T18:44:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:4947",
"initial_release_date": "2022-06-17T05:40:46+00:00",
"revision_history": [
{
"date": "2022-06-17T05:40:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-06-17T05:40:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T18:44:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.6",
"product": {
"name": "Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.6::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.6",
"product": {
"name": "Red Hat OpenShift Container Platform 4.6",
"product_id": "7Server-RH7-RHOSE-4.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.6::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.6.1653312933-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.6.1653312933-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.6.1653312933-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.6.1653312933-1.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.src",
"product": {
"name": "openshift-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.src",
"product_id": "openshift-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift@4.6.0-202205181042.p0.g8203b20.assembly.stream.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "conmon-2:2.0.21-3.rhaos4.6.el8.src",
"product": {
"name": "conmon-2:2.0.21-3.rhaos4.6.el8.src",
"product_id": "conmon-2:2.0.21-3.rhaos4.6.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon@2.0.21-3.rhaos4.6.el8?arch=src\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.src",
"product": {
"name": "cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.src",
"product_id": "cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.19.7-2.rhaos4.6.git3c20b65.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "cri-tools-0:1.19.0-7.el8.src",
"product": {
"name": "cri-tools-0:1.19.0-7.el8.src",
"product_id": "cri-tools-0:1.19.0-7.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools@1.19.0-7.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.src",
"product": {
"name": "ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.src",
"product_id": "ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition@2.6.0-9.rhaos4.6.git947598e.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el7.src",
"product": {
"name": "openshift-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el7.src",
"product_id": "openshift-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift@4.6.0-202205181042.p0.g8203b20.assembly.stream.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "conmon-2:2.0.21-3.rhaos4.6.el7.src",
"product": {
"name": "conmon-2:2.0.21-3.rhaos4.6.el7.src",
"product_id": "conmon-2:2.0.21-3.rhaos4.6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon@2.0.21-3.rhaos4.6.el7?arch=src\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el7.src",
"product": {
"name": "cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el7.src",
"product_id": "cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.19.7-2.rhaos4.6.git3c20b65.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.6.1653312933-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.6.1653312933-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.6.1653312933-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.6.1653312933-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.x86_64",
"product": {
"name": "openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.x86_64",
"product_id": "openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.6.0-202205181042.p0.g8203b20.assembly.stream.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "conmon-2:2.0.21-3.rhaos4.6.el8.x86_64",
"product": {
"name": "conmon-2:2.0.21-3.rhaos4.6.el8.x86_64",
"product_id": "conmon-2:2.0.21-3.rhaos4.6.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon@2.0.21-3.rhaos4.6.el8?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64",
"product": {
"name": "cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64",
"product_id": "cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.19.7-2.rhaos4.6.git3c20b65.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64",
"product": {
"name": "cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64",
"product_id": "cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.19.7-2.rhaos4.6.git3c20b65.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64",
"product": {
"name": "cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64",
"product_id": "cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.19.7-2.rhaos4.6.git3c20b65.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-tools-0:1.19.0-7.el8.x86_64",
"product": {
"name": "cri-tools-0:1.19.0-7.el8.x86_64",
"product_id": "cri-tools-0:1.19.0-7.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools@1.19.0-7.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-tools-debugsource-0:1.19.0-7.el8.x86_64",
"product": {
"name": "cri-tools-debugsource-0:1.19.0-7.el8.x86_64",
"product_id": "cri-tools-debugsource-0:1.19.0-7.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools-debugsource@1.19.0-7.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-tools-debuginfo-0:1.19.0-7.el8.x86_64",
"product": {
"name": "cri-tools-debuginfo-0:1.19.0-7.el8.x86_64",
"product_id": "cri-tools-debuginfo-0:1.19.0-7.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools-debuginfo@1.19.0-7.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"product": {
"name": "ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"product_id": "ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition@2.6.0-9.rhaos4.6.git947598e.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"product": {
"name": "ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"product_id": "ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate@2.6.0-9.rhaos4.6.git947598e.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"product": {
"name": "ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"product_id": "ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debugsource@2.6.0-9.rhaos4.6.git947598e.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"product": {
"name": "ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"product_id": "ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debuginfo@2.6.0-9.rhaos4.6.git947598e.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"product": {
"name": "ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"product_id": "ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate-debuginfo@2.6.0-9.rhaos4.6.git947598e.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el7.x86_64",
"product": {
"name": "openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el7.x86_64",
"product_id": "openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.6.0-202205181042.p0.g8203b20.assembly.stream.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "conmon-2:2.0.21-3.rhaos4.6.el7.x86_64",
"product": {
"name": "conmon-2:2.0.21-3.rhaos4.6.el7.x86_64",
"product_id": "conmon-2:2.0.21-3.rhaos4.6.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon@2.0.21-3.rhaos4.6.el7?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el7.x86_64",
"product": {
"name": "cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el7.x86_64",
"product_id": "cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.19.7-2.rhaos4.6.git3c20b65.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el7.x86_64",
"product": {
"name": "cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el7.x86_64",
"product_id": "cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.19.7-2.rhaos4.6.git3c20b65.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.ppc64le",
"product": {
"name": "openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.ppc64le",
"product_id": "openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.6.0-202205181042.p0.g8203b20.assembly.stream.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "conmon-2:2.0.21-3.rhaos4.6.el8.ppc64le",
"product": {
"name": "conmon-2:2.0.21-3.rhaos4.6.el8.ppc64le",
"product_id": "conmon-2:2.0.21-3.rhaos4.6.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon@2.0.21-3.rhaos4.6.el8?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"product": {
"name": "cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"product_id": "cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.19.7-2.rhaos4.6.git3c20b65.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"product": {
"name": "cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"product_id": "cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.19.7-2.rhaos4.6.git3c20b65.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"product": {
"name": "cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"product_id": "cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.19.7-2.rhaos4.6.git3c20b65.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-tools-0:1.19.0-7.el8.ppc64le",
"product": {
"name": "cri-tools-0:1.19.0-7.el8.ppc64le",
"product_id": "cri-tools-0:1.19.0-7.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools@1.19.0-7.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-tools-debugsource-0:1.19.0-7.el8.ppc64le",
"product": {
"name": "cri-tools-debugsource-0:1.19.0-7.el8.ppc64le",
"product_id": "cri-tools-debugsource-0:1.19.0-7.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools-debugsource@1.19.0-7.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-tools-debuginfo-0:1.19.0-7.el8.ppc64le",
"product": {
"name": "cri-tools-debuginfo-0:1.19.0-7.el8.ppc64le",
"product_id": "cri-tools-debuginfo-0:1.19.0-7.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools-debuginfo@1.19.0-7.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"product": {
"name": "ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"product_id": "ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition@2.6.0-9.rhaos4.6.git947598e.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"product": {
"name": "ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"product_id": "ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate@2.6.0-9.rhaos4.6.git947598e.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"product": {
"name": "ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"product_id": "ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debugsource@2.6.0-9.rhaos4.6.git947598e.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"product": {
"name": "ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"product_id": "ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debuginfo@2.6.0-9.rhaos4.6.git947598e.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"product": {
"name": "ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"product_id": "ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate-debuginfo@2.6.0-9.rhaos4.6.git947598e.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.s390x",
"product": {
"name": "openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.s390x",
"product_id": "openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.6.0-202205181042.p0.g8203b20.assembly.stream.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "conmon-2:2.0.21-3.rhaos4.6.el8.s390x",
"product": {
"name": "conmon-2:2.0.21-3.rhaos4.6.el8.s390x",
"product_id": "conmon-2:2.0.21-3.rhaos4.6.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon@2.0.21-3.rhaos4.6.el8?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"product": {
"name": "cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"product_id": "cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.19.7-2.rhaos4.6.git3c20b65.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"product": {
"name": "cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"product_id": "cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.19.7-2.rhaos4.6.git3c20b65.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"product": {
"name": "cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"product_id": "cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.19.7-2.rhaos4.6.git3c20b65.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-tools-0:1.19.0-7.el8.s390x",
"product": {
"name": "cri-tools-0:1.19.0-7.el8.s390x",
"product_id": "cri-tools-0:1.19.0-7.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools@1.19.0-7.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-tools-debugsource-0:1.19.0-7.el8.s390x",
"product": {
"name": "cri-tools-debugsource-0:1.19.0-7.el8.s390x",
"product_id": "cri-tools-debugsource-0:1.19.0-7.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools-debugsource@1.19.0-7.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-tools-debuginfo-0:1.19.0-7.el8.s390x",
"product": {
"name": "cri-tools-debuginfo-0:1.19.0-7.el8.s390x",
"product_id": "cri-tools-debuginfo-0:1.19.0-7.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-tools-debuginfo@1.19.0-7.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"product": {
"name": "ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"product_id": "ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition@2.6.0-9.rhaos4.6.git947598e.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"product": {
"name": "ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"product_id": "ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate@2.6.0-9.rhaos4.6.git947598e.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"product": {
"name": "ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"product_id": "ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debugsource@2.6.0-9.rhaos4.6.git947598e.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"product": {
"name": "ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"product_id": "ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-debuginfo@2.6.0-9.rhaos4.6.git947598e.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"product": {
"name": "ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"product_id": "ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ignition-validate-debuginfo@2.6.0-9.rhaos4.6.git947598e.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2:2.0.21-3.rhaos4.6.el7.src as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "7Server-RH7-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el7.src"
},
"product_reference": "conmon-2:2.0.21-3.rhaos4.6.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2:2.0.21-3.rhaos4.6.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "7Server-RH7-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el7.x86_64"
},
"product_reference": "conmon-2:2.0.21-3.rhaos4.6.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el7.src as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el7.src"
},
"product_reference": "cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "7Server-RH7-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el7.x86_64"
},
"product_reference": "cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el7.x86_64"
},
"product_reference": "cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el7.src"
},
"product_reference": "openshift-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el7.x86_64"
},
"product_reference": "openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2:2.0.21-3.rhaos4.6.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.ppc64le"
},
"product_reference": "conmon-2:2.0.21-3.rhaos4.6.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2:2.0.21-3.rhaos4.6.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.s390x"
},
"product_reference": "conmon-2:2.0.21-3.rhaos4.6.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2:2.0.21-3.rhaos4.6.el8.src as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.src"
},
"product_reference": "conmon-2:2.0.21-3.rhaos4.6.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2:2.0.21-3.rhaos4.6.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.x86_64"
},
"product_reference": "conmon-2:2.0.21-3.rhaos4.6.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le"
},
"product_reference": "cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x"
},
"product_reference": "cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.src as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.src"
},
"product_reference": "cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64"
},
"product_reference": "cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le"
},
"product_reference": "cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x"
},
"product_reference": "cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64"
},
"product_reference": "cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le"
},
"product_reference": "cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x"
},
"product_reference": "cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64"
},
"product_reference": "cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-0:1.19.0-7.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:cri-tools-0:1.19.0-7.el8.ppc64le"
},
"product_reference": "cri-tools-0:1.19.0-7.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-0:1.19.0-7.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:cri-tools-0:1.19.0-7.el8.s390x"
},
"product_reference": "cri-tools-0:1.19.0-7.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-0:1.19.0-7.el8.src as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:cri-tools-0:1.19.0-7.el8.src"
},
"product_reference": "cri-tools-0:1.19.0-7.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-0:1.19.0-7.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:cri-tools-0:1.19.0-7.el8.x86_64"
},
"product_reference": "cri-tools-0:1.19.0-7.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-debuginfo-0:1.19.0-7.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:cri-tools-debuginfo-0:1.19.0-7.el8.ppc64le"
},
"product_reference": "cri-tools-debuginfo-0:1.19.0-7.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-debuginfo-0:1.19.0-7.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:cri-tools-debuginfo-0:1.19.0-7.el8.s390x"
},
"product_reference": "cri-tools-debuginfo-0:1.19.0-7.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-debuginfo-0:1.19.0-7.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:cri-tools-debuginfo-0:1.19.0-7.el8.x86_64"
},
"product_reference": "cri-tools-debuginfo-0:1.19.0-7.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-debugsource-0:1.19.0-7.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:cri-tools-debugsource-0:1.19.0-7.el8.ppc64le"
},
"product_reference": "cri-tools-debugsource-0:1.19.0-7.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-debugsource-0:1.19.0-7.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:cri-tools-debugsource-0:1.19.0-7.el8.s390x"
},
"product_reference": "cri-tools-debugsource-0:1.19.0-7.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-tools-debugsource-0:1.19.0-7.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:cri-tools-debugsource-0:1.19.0-7.el8.x86_64"
},
"product_reference": "cri-tools-debugsource-0:1.19.0-7.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le"
},
"product_reference": "ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x"
},
"product_reference": "ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.src as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.src"
},
"product_reference": "ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64"
},
"product_reference": "ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le"
},
"product_reference": "ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x"
},
"product_reference": "ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64"
},
"product_reference": "ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le"
},
"product_reference": "ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x"
},
"product_reference": "ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64"
},
"product_reference": "ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le"
},
"product_reference": "ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x"
},
"product_reference": "ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64"
},
"product_reference": "ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le"
},
"product_reference": "ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x"
},
"product_reference": "ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64"
},
"product_reference": "ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.6.1653312933-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1653312933-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.6.1653312933-1.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.6.1653312933-1.el8.src as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1653312933-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.6.1653312933-1.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.src"
},
"product_reference": "openshift-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.ppc64le"
},
"product_reference": "openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.s390x"
},
"product_reference": "openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.6",
"product_id": "8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.x86_64"
},
"product_reference": "openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.6"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Adam Korcz and David Korczynski"
],
"organization": "Disclosed by Ada Logics in a security audit sponsored by CNCF and facilitated by OSTIF"
}
],
"cve": "CVE-2022-1708",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-05-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.6:cri-tools-0:1.19.0-7.el8.ppc64le",
"8Base-RHOSE-4.6:cri-tools-0:1.19.0-7.el8.s390x",
"8Base-RHOSE-4.6:cri-tools-0:1.19.0-7.el8.src",
"8Base-RHOSE-4.6:cri-tools-0:1.19.0-7.el8.x86_64",
"8Base-RHOSE-4.6:cri-tools-debuginfo-0:1.19.0-7.el8.ppc64le",
"8Base-RHOSE-4.6:cri-tools-debuginfo-0:1.19.0-7.el8.s390x",
"8Base-RHOSE-4.6:cri-tools-debuginfo-0:1.19.0-7.el8.x86_64",
"8Base-RHOSE-4.6:cri-tools-debugsource-0:1.19.0-7.el8.ppc64le",
"8Base-RHOSE-4.6:cri-tools-debugsource-0:1.19.0-7.el8.s390x",
"8Base-RHOSE-4.6:cri-tools-debugsource-0:1.19.0-7.el8.x86_64",
"8Base-RHOSE-4.6:ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"8Base-RHOSE-4.6:ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"8Base-RHOSE-4.6:ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.src",
"8Base-RHOSE-4.6:ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"8Base-RHOSE-4.6:ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"8Base-RHOSE-4.6:ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"8Base-RHOSE-4.6:ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"8Base-RHOSE-4.6:ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"8Base-RHOSE-4.6:ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"8Base-RHOSE-4.6:ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"8Base-RHOSE-4.6:ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"8Base-RHOSE-4.6:ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"8Base-RHOSE-4.6:ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"8Base-RHOSE-4.6:ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"8Base-RHOSE-4.6:ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"8Base-RHOSE-4.6:ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1653312933-1.el8.noarch",
"8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1653312933-1.el8.src",
"8Base-RHOSE-4.6:openshift-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.src",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.s390x",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2085361"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cri-o: memory exhaustion on the node when access to the kube api",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH7-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el7.src",
"7Server-RH7-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el7.x86_64",
"7Server-RH7-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el7.src",
"7Server-RH7-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el7.x86_64",
"7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el7.x86_64",
"8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.ppc64le",
"8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.s390x",
"8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.src",
"8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.x86_64",
"8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.src",
"8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64",
"8Base-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"8Base-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"8Base-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64",
"8Base-RHOSE-4.6:cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"8Base-RHOSE-4.6:cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"8Base-RHOSE-4.6:cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.6:cri-tools-0:1.19.0-7.el8.ppc64le",
"8Base-RHOSE-4.6:cri-tools-0:1.19.0-7.el8.s390x",
"8Base-RHOSE-4.6:cri-tools-0:1.19.0-7.el8.src",
"8Base-RHOSE-4.6:cri-tools-0:1.19.0-7.el8.x86_64",
"8Base-RHOSE-4.6:cri-tools-debuginfo-0:1.19.0-7.el8.ppc64le",
"8Base-RHOSE-4.6:cri-tools-debuginfo-0:1.19.0-7.el8.s390x",
"8Base-RHOSE-4.6:cri-tools-debuginfo-0:1.19.0-7.el8.x86_64",
"8Base-RHOSE-4.6:cri-tools-debugsource-0:1.19.0-7.el8.ppc64le",
"8Base-RHOSE-4.6:cri-tools-debugsource-0:1.19.0-7.el8.s390x",
"8Base-RHOSE-4.6:cri-tools-debugsource-0:1.19.0-7.el8.x86_64",
"8Base-RHOSE-4.6:ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"8Base-RHOSE-4.6:ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"8Base-RHOSE-4.6:ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.src",
"8Base-RHOSE-4.6:ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"8Base-RHOSE-4.6:ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"8Base-RHOSE-4.6:ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"8Base-RHOSE-4.6:ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"8Base-RHOSE-4.6:ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"8Base-RHOSE-4.6:ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"8Base-RHOSE-4.6:ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"8Base-RHOSE-4.6:ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"8Base-RHOSE-4.6:ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"8Base-RHOSE-4.6:ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"8Base-RHOSE-4.6:ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"8Base-RHOSE-4.6:ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"8Base-RHOSE-4.6:ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1653312933-1.el8.noarch",
"8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1653312933-1.el8.src",
"8Base-RHOSE-4.6:openshift-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.src",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.s390x",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1708"
},
{
"category": "external",
"summary": "RHBZ#2085361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085361"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1708",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1708"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1708",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1708"
},
{
"category": "external",
"summary": "https://github.com/cri-o/cri-o/security/advisories/GHSA-fcm2-6c3h-pg6j",
"url": "https://github.com/cri-o/cri-o/security/advisories/GHSA-fcm2-6c3h-pg6j"
}
],
"release_date": "2022-06-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-06-17T05:40:46+00:00",
"details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html",
"product_ids": [
"7Server-RH7-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el7.src",
"7Server-RH7-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el7.x86_64",
"7Server-RH7-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el7.src",
"7Server-RH7-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el7.x86_64",
"7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el7.x86_64",
"8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.ppc64le",
"8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.s390x",
"8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.src",
"8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.x86_64",
"8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.src",
"8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64",
"8Base-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"8Base-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"8Base-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64",
"8Base-RHOSE-4.6:cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"8Base-RHOSE-4.6:cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"8Base-RHOSE-4.6:cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4947"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RH7-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el7.src",
"7Server-RH7-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el7.x86_64",
"7Server-RH7-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el7.src",
"7Server-RH7-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el7.x86_64",
"7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el7.x86_64",
"8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.ppc64le",
"8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.s390x",
"8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.src",
"8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.x86_64",
"8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.src",
"8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64",
"8Base-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"8Base-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"8Base-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64",
"8Base-RHOSE-4.6:cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"8Base-RHOSE-4.6:cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"8Base-RHOSE-4.6:cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cri-o: memory exhaustion on the node when access to the kube api"
},
{
"cve": "CVE-2022-29036",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-04-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el7.src",
"7Server-RH7-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el7.x86_64",
"7Server-RH7-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el7.src",
"7Server-RH7-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el7.x86_64",
"7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el7.x86_64",
"7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.ppc64le",
"8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.s390x",
"8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.src",
"8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.x86_64",
"8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.src",
"8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64",
"8Base-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"8Base-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"8Base-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64",
"8Base-RHOSE-4.6:cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"8Base-RHOSE-4.6:cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"8Base-RHOSE-4.6:cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64",
"8Base-RHOSE-4.6:cri-tools-0:1.19.0-7.el8.ppc64le",
"8Base-RHOSE-4.6:cri-tools-0:1.19.0-7.el8.s390x",
"8Base-RHOSE-4.6:cri-tools-0:1.19.0-7.el8.src",
"8Base-RHOSE-4.6:cri-tools-0:1.19.0-7.el8.x86_64",
"8Base-RHOSE-4.6:cri-tools-debuginfo-0:1.19.0-7.el8.ppc64le",
"8Base-RHOSE-4.6:cri-tools-debuginfo-0:1.19.0-7.el8.s390x",
"8Base-RHOSE-4.6:cri-tools-debuginfo-0:1.19.0-7.el8.x86_64",
"8Base-RHOSE-4.6:cri-tools-debugsource-0:1.19.0-7.el8.ppc64le",
"8Base-RHOSE-4.6:cri-tools-debugsource-0:1.19.0-7.el8.s390x",
"8Base-RHOSE-4.6:cri-tools-debugsource-0:1.19.0-7.el8.x86_64",
"8Base-RHOSE-4.6:ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"8Base-RHOSE-4.6:ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"8Base-RHOSE-4.6:ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.src",
"8Base-RHOSE-4.6:ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"8Base-RHOSE-4.6:ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"8Base-RHOSE-4.6:ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"8Base-RHOSE-4.6:ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"8Base-RHOSE-4.6:ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"8Base-RHOSE-4.6:ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"8Base-RHOSE-4.6:ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"8Base-RHOSE-4.6:ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"8Base-RHOSE-4.6:ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"8Base-RHOSE-4.6:ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"8Base-RHOSE-4.6:ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"8Base-RHOSE-4.6:ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"8Base-RHOSE-4.6:ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"8Base-RHOSE-4.6:openshift-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.src",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.s390x",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2074847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins credentials plugin. The Jenkins credentials plugin does not escape the name and description of Credentials parameters on views displaying parameters. This issue results in a stored Cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "credentials: Stored XSS vulnerabilities in jenkins plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1653312933-1.el8.noarch",
"8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1653312933-1.el8.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el7.src",
"7Server-RH7-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el7.x86_64",
"7Server-RH7-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el7.src",
"7Server-RH7-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el7.x86_64",
"7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el7.x86_64",
"7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.ppc64le",
"8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.s390x",
"8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.src",
"8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.x86_64",
"8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.src",
"8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64",
"8Base-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"8Base-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"8Base-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64",
"8Base-RHOSE-4.6:cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"8Base-RHOSE-4.6:cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"8Base-RHOSE-4.6:cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64",
"8Base-RHOSE-4.6:cri-tools-0:1.19.0-7.el8.ppc64le",
"8Base-RHOSE-4.6:cri-tools-0:1.19.0-7.el8.s390x",
"8Base-RHOSE-4.6:cri-tools-0:1.19.0-7.el8.src",
"8Base-RHOSE-4.6:cri-tools-0:1.19.0-7.el8.x86_64",
"8Base-RHOSE-4.6:cri-tools-debuginfo-0:1.19.0-7.el8.ppc64le",
"8Base-RHOSE-4.6:cri-tools-debuginfo-0:1.19.0-7.el8.s390x",
"8Base-RHOSE-4.6:cri-tools-debuginfo-0:1.19.0-7.el8.x86_64",
"8Base-RHOSE-4.6:cri-tools-debugsource-0:1.19.0-7.el8.ppc64le",
"8Base-RHOSE-4.6:cri-tools-debugsource-0:1.19.0-7.el8.s390x",
"8Base-RHOSE-4.6:cri-tools-debugsource-0:1.19.0-7.el8.x86_64",
"8Base-RHOSE-4.6:ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"8Base-RHOSE-4.6:ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"8Base-RHOSE-4.6:ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.src",
"8Base-RHOSE-4.6:ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"8Base-RHOSE-4.6:ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"8Base-RHOSE-4.6:ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"8Base-RHOSE-4.6:ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"8Base-RHOSE-4.6:ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"8Base-RHOSE-4.6:ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"8Base-RHOSE-4.6:ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"8Base-RHOSE-4.6:ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"8Base-RHOSE-4.6:ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"8Base-RHOSE-4.6:ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"8Base-RHOSE-4.6:ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"8Base-RHOSE-4.6:ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"8Base-RHOSE-4.6:ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"8Base-RHOSE-4.6:openshift-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.src",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.s390x",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29036"
},
{
"category": "external",
"summary": "RHBZ#2074847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29036",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29036"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29036",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29036"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-04-12/",
"url": "https://www.jenkins.io/security/advisory/2022-04-12/"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-06-17T05:40:46+00:00",
"details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1653312933-1.el8.noarch",
"8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1653312933-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4947"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1653312933-1.el8.noarch",
"8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1653312933-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "credentials: Stored XSS vulnerabilities in jenkins plugin"
},
{
"cve": "CVE-2022-29046",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-04-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el7.src",
"7Server-RH7-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el7.x86_64",
"7Server-RH7-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el7.src",
"7Server-RH7-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el7.x86_64",
"7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el7.x86_64",
"7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.ppc64le",
"8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.s390x",
"8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.src",
"8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.x86_64",
"8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.src",
"8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64",
"8Base-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"8Base-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"8Base-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64",
"8Base-RHOSE-4.6:cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"8Base-RHOSE-4.6:cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"8Base-RHOSE-4.6:cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64",
"8Base-RHOSE-4.6:cri-tools-0:1.19.0-7.el8.ppc64le",
"8Base-RHOSE-4.6:cri-tools-0:1.19.0-7.el8.s390x",
"8Base-RHOSE-4.6:cri-tools-0:1.19.0-7.el8.src",
"8Base-RHOSE-4.6:cri-tools-0:1.19.0-7.el8.x86_64",
"8Base-RHOSE-4.6:cri-tools-debuginfo-0:1.19.0-7.el8.ppc64le",
"8Base-RHOSE-4.6:cri-tools-debuginfo-0:1.19.0-7.el8.s390x",
"8Base-RHOSE-4.6:cri-tools-debuginfo-0:1.19.0-7.el8.x86_64",
"8Base-RHOSE-4.6:cri-tools-debugsource-0:1.19.0-7.el8.ppc64le",
"8Base-RHOSE-4.6:cri-tools-debugsource-0:1.19.0-7.el8.s390x",
"8Base-RHOSE-4.6:cri-tools-debugsource-0:1.19.0-7.el8.x86_64",
"8Base-RHOSE-4.6:ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"8Base-RHOSE-4.6:ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"8Base-RHOSE-4.6:ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.src",
"8Base-RHOSE-4.6:ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"8Base-RHOSE-4.6:ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"8Base-RHOSE-4.6:ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"8Base-RHOSE-4.6:ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"8Base-RHOSE-4.6:ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"8Base-RHOSE-4.6:ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"8Base-RHOSE-4.6:ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"8Base-RHOSE-4.6:ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"8Base-RHOSE-4.6:ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"8Base-RHOSE-4.6:ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"8Base-RHOSE-4.6:ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"8Base-RHOSE-4.6:ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"8Base-RHOSE-4.6:ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"8Base-RHOSE-4.6:openshift-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.src",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.s390x",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2074851"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins Subversion plugin. The Jenkins subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored Cross-site scripting (XSS) vulnerability, exploitable by attackers with Item/Configure permission.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "subversion: Stored XSS vulnerabilities in Jenkins subversion plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1653312933-1.el8.noarch",
"8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1653312933-1.el8.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el7.src",
"7Server-RH7-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el7.x86_64",
"7Server-RH7-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el7.src",
"7Server-RH7-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el7.x86_64",
"7Server-RH7-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el7.x86_64",
"7Server-RH7-RHOSE-4.6:openshift-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el7.x86_64",
"8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.ppc64le",
"8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.s390x",
"8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.src",
"8Base-RHOSE-4.6:conmon-2:2.0.21-3.rhaos4.6.el8.x86_64",
"8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.src",
"8Base-RHOSE-4.6:cri-o-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64",
"8Base-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"8Base-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"8Base-RHOSE-4.6:cri-o-debuginfo-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64",
"8Base-RHOSE-4.6:cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.ppc64le",
"8Base-RHOSE-4.6:cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.s390x",
"8Base-RHOSE-4.6:cri-o-debugsource-0:1.19.7-2.rhaos4.6.git3c20b65.el8.x86_64",
"8Base-RHOSE-4.6:cri-tools-0:1.19.0-7.el8.ppc64le",
"8Base-RHOSE-4.6:cri-tools-0:1.19.0-7.el8.s390x",
"8Base-RHOSE-4.6:cri-tools-0:1.19.0-7.el8.src",
"8Base-RHOSE-4.6:cri-tools-0:1.19.0-7.el8.x86_64",
"8Base-RHOSE-4.6:cri-tools-debuginfo-0:1.19.0-7.el8.ppc64le",
"8Base-RHOSE-4.6:cri-tools-debuginfo-0:1.19.0-7.el8.s390x",
"8Base-RHOSE-4.6:cri-tools-debuginfo-0:1.19.0-7.el8.x86_64",
"8Base-RHOSE-4.6:cri-tools-debugsource-0:1.19.0-7.el8.ppc64le",
"8Base-RHOSE-4.6:cri-tools-debugsource-0:1.19.0-7.el8.s390x",
"8Base-RHOSE-4.6:cri-tools-debugsource-0:1.19.0-7.el8.x86_64",
"8Base-RHOSE-4.6:ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"8Base-RHOSE-4.6:ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"8Base-RHOSE-4.6:ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.src",
"8Base-RHOSE-4.6:ignition-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"8Base-RHOSE-4.6:ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"8Base-RHOSE-4.6:ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"8Base-RHOSE-4.6:ignition-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"8Base-RHOSE-4.6:ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"8Base-RHOSE-4.6:ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"8Base-RHOSE-4.6:ignition-debugsource-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"8Base-RHOSE-4.6:ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"8Base-RHOSE-4.6:ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"8Base-RHOSE-4.6:ignition-validate-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"8Base-RHOSE-4.6:ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.ppc64le",
"8Base-RHOSE-4.6:ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.s390x",
"8Base-RHOSE-4.6:ignition-validate-debuginfo-0:2.6.0-9.rhaos4.6.git947598e.el8.x86_64",
"8Base-RHOSE-4.6:openshift-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.src",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.s390x",
"8Base-RHOSE-4.6:openshift-hyperkube-0:4.6.0-202205181042.p0.g8203b20.assembly.stream.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29046"
},
{
"category": "external",
"summary": "RHBZ#2074851",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074851"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29046",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29046"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29046",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29046"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-04-12/",
"url": "https://www.jenkins.io/security/advisory/2022-04-12/"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-06-17T05:40:46+00:00",
"details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1653312933-1.el8.noarch",
"8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1653312933-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:4947"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1653312933-1.el8.noarch",
"8Base-RHOSE-4.6:jenkins-2-plugins-0:4.6.1653312933-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "subversion: Stored XSS vulnerabilities in Jenkins subversion plugin"
}
]
}
rhsa-2022_1600
Vulnerability from csaf_redhat
Published
2022-05-02 18:23
Modified
2024-11-22 19:12
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.10.12 security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.10.12 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.10.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.12. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2022:1601
Security Fix(es):
* cri-o: Default inheritable capabilities for linux container should be
empty (CVE-2022-27652)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.10.12 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.10.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.12. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2022:1601\n\nSecurity Fix(es):\n\n* cri-o: Default inheritable capabilities for linux container should be\nempty (CVE-2022-27652)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nAll OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:1600",
"url": "https://access.redhat.com/errata/RHSA-2022:1600"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2064161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064161"
},
{
"category": "external",
"summary": "2066839",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066839"
},
{
"category": "external",
"summary": "2079307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079307"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1600.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.10.12 security update",
"tracking": {
"current_release_date": "2024-11-22T19:12:12+00:00",
"generator": {
"date": "2024-11-22T19:12:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:1600",
"initial_release_date": "2022-05-02T18:23:40+00:00",
"revision_history": [
{
"date": "2022-05-02T18:23:40+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-05-02T18:23:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T19:12:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.10",
"product": {
"name": "Red Hat OpenShift Container Platform 4.10",
"product_id": "7Server-RH7-RHOSE-4.10",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.10::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.10",
"product": {
"name": "Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.10::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7.src",
"product": {
"name": "openshift-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7.src",
"product_id": "openshift-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift@4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-boto-0:2.34.0-5.el7.src",
"product": {
"name": "python-boto-0:2.34.0-5.el7.src",
"product_id": "python-boto-0:2.34.0-5.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-boto@2.34.0-5.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jq-0:1.6-2.el7.src",
"product": {
"name": "jq-0:1.6-2.el7.src",
"product_id": "jq-0:1.6-2.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jq@1.6-2.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.src",
"product": {
"name": "cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.src",
"product_id": "cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.23.2-8.rhaos4.10.git8ad5d25.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-0:2.319.3.1650888800-1.el8.src",
"product": {
"name": "jenkins-0:2.319.3.1650888800-1.el8.src",
"product_id": "jenkins-0:2.319.3.1650888800-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.319.3.1650888800-1.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.10.1650890594-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.10.1650890594-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.10.1650890594-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.10.1650890594-1.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.src",
"product": {
"name": "openshift-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.src",
"product_id": "openshift-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift@4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7.x86_64",
"product": {
"name": "openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7.x86_64",
"product_id": "openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jq-0:1.6-2.el7.x86_64",
"product": {
"name": "jq-0:1.6-2.el7.x86_64",
"product_id": "jq-0:1.6-2.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jq@1.6-2.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jq-devel-0:1.6-2.el7.x86_64",
"product": {
"name": "jq-devel-0:1.6-2.el7.x86_64",
"product_id": "jq-devel-0:1.6-2.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jq-devel@1.6-2.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jq-debuginfo-0:1.6-2.el7.x86_64",
"product": {
"name": "jq-debuginfo-0:1.6-2.el7.x86_64",
"product_id": "jq-debuginfo-0:1.6-2.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jq-debuginfo@1.6-2.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"product": {
"name": "cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"product_id": "cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.23.2-8.rhaos4.10.git8ad5d25.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"product": {
"name": "cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"product_id": "cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.23.2-8.rhaos4.10.git8ad5d25.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"product": {
"name": "cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"product_id": "cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.23.2-8.rhaos4.10.git8ad5d25.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.x86_64",
"product": {
"name": "openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.x86_64",
"product_id": "openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "python-boto-0:2.34.0-5.el7.noarch",
"product": {
"name": "python-boto-0:2.34.0-5.el7.noarch",
"product_id": "python-boto-0:2.34.0-5.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-boto@2.34.0-5.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-0:2.319.3.1650888800-1.el8.noarch",
"product": {
"name": "jenkins-0:2.319.3.1650888800-1.el8.noarch",
"product_id": "jenkins-0:2.319.3.1650888800-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.319.3.1650888800-1.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.10.1650890594-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.10.1650890594-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.10.1650890594-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.10.1650890594-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"product": {
"name": "cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"product_id": "cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.23.2-8.rhaos4.10.git8ad5d25.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"product": {
"name": "cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"product_id": "cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.23.2-8.rhaos4.10.git8ad5d25.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"product": {
"name": "cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"product_id": "cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.23.2-8.rhaos4.10.git8ad5d25.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.aarch64",
"product": {
"name": "openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.aarch64",
"product_id": "openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"product": {
"name": "cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"product_id": "cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.23.2-8.rhaos4.10.git8ad5d25.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"product": {
"name": "cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"product_id": "cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.23.2-8.rhaos4.10.git8ad5d25.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"product": {
"name": "cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"product_id": "cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.23.2-8.rhaos4.10.git8ad5d25.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.ppc64le",
"product": {
"name": "openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.ppc64le",
"product_id": "openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"product": {
"name": "cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"product_id": "cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.23.2-8.rhaos4.10.git8ad5d25.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"product": {
"name": "cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"product_id": "cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.23.2-8.rhaos4.10.git8ad5d25.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"product": {
"name": "cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"product_id": "cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.23.2-8.rhaos4.10.git8ad5d25.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.s390x",
"product": {
"name": "openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.s390x",
"product_id": "openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jq-0:1.6-2.el7.src as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "7Server-RH7-RHOSE-4.10:jq-0:1.6-2.el7.src"
},
"product_reference": "jq-0:1.6-2.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jq-0:1.6-2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "7Server-RH7-RHOSE-4.10:jq-0:1.6-2.el7.x86_64"
},
"product_reference": "jq-0:1.6-2.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jq-debuginfo-0:1.6-2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "7Server-RH7-RHOSE-4.10:jq-debuginfo-0:1.6-2.el7.x86_64"
},
"product_reference": "jq-debuginfo-0:1.6-2.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jq-devel-0:1.6-2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "7Server-RH7-RHOSE-4.10:jq-devel-0:1.6-2.el7.x86_64"
},
"product_reference": "jq-devel-0:1.6-2.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7.src"
},
"product_reference": "openshift-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7.x86_64"
},
"product_reference": "openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-boto-0:2.34.0-5.el7.noarch as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "7Server-RH7-RHOSE-4.10:python-boto-0:2.34.0-5.el7.noarch"
},
"product_reference": "python-boto-0:2.34.0-5.el7.noarch",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-boto-0:2.34.0-5.el7.src as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "7Server-RH7-RHOSE-4.10:python-boto-0:2.34.0-5.el7.src"
},
"product_reference": "python-boto-0:2.34.0-5.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64"
},
"product_reference": "cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le"
},
"product_reference": "cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x"
},
"product_reference": "cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.src as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.src"
},
"product_reference": "cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64"
},
"product_reference": "cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64"
},
"product_reference": "cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le"
},
"product_reference": "cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x"
},
"product_reference": "cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64"
},
"product_reference": "cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64"
},
"product_reference": "cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le"
},
"product_reference": "cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x"
},
"product_reference": "cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64"
},
"product_reference": "cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.319.3.1650888800-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:jenkins-0:2.319.3.1650888800-1.el8.noarch"
},
"product_reference": "jenkins-0:2.319.3.1650888800-1.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.319.3.1650888800-1.el8.src as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:jenkins-0:2.319.3.1650888800-1.el8.src"
},
"product_reference": "jenkins-0:2.319.3.1650888800-1.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.10.1650890594-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1650890594-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.10.1650890594-1.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.10.1650890594-1.el8.src as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1650890594-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.10.1650890594-1.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.src"
},
"product_reference": "openshift-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.aarch64"
},
"product_reference": "openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.ppc64le"
},
"product_reference": "openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.s390x"
},
"product_reference": "openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10",
"product_id": "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.x86_64"
},
"product_reference": "openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.10"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-27652",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"discovery_date": "2022-03-22T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.10:jq-0:1.6-2.el7.src",
"7Server-RH7-RHOSE-4.10:jq-0:1.6-2.el7.x86_64",
"7Server-RH7-RHOSE-4.10:jq-debuginfo-0:1.6-2.el7.x86_64",
"7Server-RH7-RHOSE-4.10:jq-devel-0:1.6-2.el7.x86_64",
"7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.10:python-boto-0:2.34.0-5.el7.noarch",
"7Server-RH7-RHOSE-4.10:python-boto-0:2.34.0-5.el7.src",
"8Base-RHOSE-4.10:jenkins-0:2.319.3.1650888800-1.el8.noarch",
"8Base-RHOSE-4.10:jenkins-0:2.319.3.1650888800-1.el8.src",
"8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1650890594-1.el8.noarch",
"8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1650890594-1.el8.src",
"8Base-RHOSE-4.10:openshift-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.src",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.s390x",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2066839"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cri-o: Default inheritable capabilities for linux container should be empty",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is related to the general vulnerability found in Moby (Docker Engine), which has been assigned CVE-2022-24769. After further investigation we came to the conclusion that this CVE has a very minimal impact on Red Hat OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.src",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.10:jq-0:1.6-2.el7.src",
"7Server-RH7-RHOSE-4.10:jq-0:1.6-2.el7.x86_64",
"7Server-RH7-RHOSE-4.10:jq-debuginfo-0:1.6-2.el7.x86_64",
"7Server-RH7-RHOSE-4.10:jq-devel-0:1.6-2.el7.x86_64",
"7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.10:python-boto-0:2.34.0-5.el7.noarch",
"7Server-RH7-RHOSE-4.10:python-boto-0:2.34.0-5.el7.src",
"8Base-RHOSE-4.10:jenkins-0:2.319.3.1650888800-1.el8.noarch",
"8Base-RHOSE-4.10:jenkins-0:2.319.3.1650888800-1.el8.src",
"8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1650890594-1.el8.noarch",
"8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1650890594-1.el8.src",
"8Base-RHOSE-4.10:openshift-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.src",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.s390x",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27652"
},
{
"category": "external",
"summary": "RHBZ#2066839",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066839"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27652",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27652"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27652",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27652"
},
{
"category": "external",
"summary": "https://github.com/cri-o/cri-o/security/advisories/GHSA-4hj2-r2pm-3hc6",
"url": "https://github.com/cri-o/cri-o/security/advisories/GHSA-4hj2-r2pm-3hc6"
}
],
"release_date": "2022-03-30T12:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-02T18:23:40+00:00",
"details": "For OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.src",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1600"
},
{
"category": "workaround",
"details": "The entry point of a container can be modified to use a utility like capsh(1) to drop inheritable capabilities prior to the primary process starting.",
"product_ids": [
"7Server-RH7-RHOSE-4.10:jq-0:1.6-2.el7.src",
"7Server-RH7-RHOSE-4.10:jq-0:1.6-2.el7.x86_64",
"7Server-RH7-RHOSE-4.10:jq-debuginfo-0:1.6-2.el7.x86_64",
"7Server-RH7-RHOSE-4.10:jq-devel-0:1.6-2.el7.x86_64",
"7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.10:python-boto-0:2.34.0-5.el7.noarch",
"7Server-RH7-RHOSE-4.10:python-boto-0:2.34.0-5.el7.src",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.src",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"8Base-RHOSE-4.10:jenkins-0:2.319.3.1650888800-1.el8.noarch",
"8Base-RHOSE-4.10:jenkins-0:2.319.3.1650888800-1.el8.src",
"8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1650890594-1.el8.noarch",
"8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1650890594-1.el8.src",
"8Base-RHOSE-4.10:openshift-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.src",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.s390x",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.src",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cri-o: Default inheritable capabilities for linux container should be empty"
},
{
"cve": "CVE-2022-29036",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-04-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.10:jq-0:1.6-2.el7.src",
"7Server-RH7-RHOSE-4.10:jq-0:1.6-2.el7.x86_64",
"7Server-RH7-RHOSE-4.10:jq-debuginfo-0:1.6-2.el7.x86_64",
"7Server-RH7-RHOSE-4.10:jq-devel-0:1.6-2.el7.x86_64",
"7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.10:python-boto-0:2.34.0-5.el7.noarch",
"7Server-RH7-RHOSE-4.10:python-boto-0:2.34.0-5.el7.src",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.src",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"8Base-RHOSE-4.10:jenkins-0:2.319.3.1650888800-1.el8.noarch",
"8Base-RHOSE-4.10:jenkins-0:2.319.3.1650888800-1.el8.src",
"8Base-RHOSE-4.10:openshift-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.src",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.s390x",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2074847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins credentials plugin. The Jenkins credentials plugin does not escape the name and description of Credentials parameters on views displaying parameters. This issue results in a stored Cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "credentials: Stored XSS vulnerabilities in jenkins plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1650890594-1.el8.noarch",
"8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1650890594-1.el8.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.10:jq-0:1.6-2.el7.src",
"7Server-RH7-RHOSE-4.10:jq-0:1.6-2.el7.x86_64",
"7Server-RH7-RHOSE-4.10:jq-debuginfo-0:1.6-2.el7.x86_64",
"7Server-RH7-RHOSE-4.10:jq-devel-0:1.6-2.el7.x86_64",
"7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.10:python-boto-0:2.34.0-5.el7.noarch",
"7Server-RH7-RHOSE-4.10:python-boto-0:2.34.0-5.el7.src",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.src",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"8Base-RHOSE-4.10:jenkins-0:2.319.3.1650888800-1.el8.noarch",
"8Base-RHOSE-4.10:jenkins-0:2.319.3.1650888800-1.el8.src",
"8Base-RHOSE-4.10:openshift-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.src",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.s390x",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29036"
},
{
"category": "external",
"summary": "RHBZ#2074847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29036",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29036"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29036",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29036"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-04-12/",
"url": "https://www.jenkins.io/security/advisory/2022-04-12/"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-02T18:23:40+00:00",
"details": "For OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1650890594-1.el8.noarch",
"8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1650890594-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1600"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1650890594-1.el8.noarch",
"8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1650890594-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "credentials: Stored XSS vulnerabilities in jenkins plugin"
},
{
"cve": "CVE-2022-29041",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-04-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.10:jq-0:1.6-2.el7.src",
"7Server-RH7-RHOSE-4.10:jq-0:1.6-2.el7.x86_64",
"7Server-RH7-RHOSE-4.10:jq-debuginfo-0:1.6-2.el7.x86_64",
"7Server-RH7-RHOSE-4.10:jq-devel-0:1.6-2.el7.x86_64",
"7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.10:python-boto-0:2.34.0-5.el7.noarch",
"7Server-RH7-RHOSE-4.10:python-boto-0:2.34.0-5.el7.src",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.src",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"8Base-RHOSE-4.10:jenkins-0:2.319.3.1650888800-1.el8.noarch",
"8Base-RHOSE-4.10:jenkins-0:2.319.3.1650888800-1.el8.src",
"8Base-RHOSE-4.10:openshift-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.src",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.s390x",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2074850"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins Jira plugin. The Jenkins Jira plugin does not escape the name and description of a Jira Issue and Jira Release Version parameters on views displaying parameters. This issue results in a stored Cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jira: Stored XSS vulnerabilities in Jenkins Jira plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1650890594-1.el8.noarch",
"8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1650890594-1.el8.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.10:jq-0:1.6-2.el7.src",
"7Server-RH7-RHOSE-4.10:jq-0:1.6-2.el7.x86_64",
"7Server-RH7-RHOSE-4.10:jq-debuginfo-0:1.6-2.el7.x86_64",
"7Server-RH7-RHOSE-4.10:jq-devel-0:1.6-2.el7.x86_64",
"7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.10:python-boto-0:2.34.0-5.el7.noarch",
"7Server-RH7-RHOSE-4.10:python-boto-0:2.34.0-5.el7.src",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.src",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"8Base-RHOSE-4.10:jenkins-0:2.319.3.1650888800-1.el8.noarch",
"8Base-RHOSE-4.10:jenkins-0:2.319.3.1650888800-1.el8.src",
"8Base-RHOSE-4.10:openshift-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.src",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.s390x",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29041"
},
{
"category": "external",
"summary": "RHBZ#2074850",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074850"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29041",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29041"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-04-12/",
"url": "https://www.jenkins.io/security/advisory/2022-04-12/"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-02T18:23:40+00:00",
"details": "For OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1650890594-1.el8.noarch",
"8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1650890594-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1600"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1650890594-1.el8.noarch",
"8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1650890594-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Jira: Stored XSS vulnerabilities in Jenkins Jira plugin"
},
{
"cve": "CVE-2022-29046",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-04-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.10:jq-0:1.6-2.el7.src",
"7Server-RH7-RHOSE-4.10:jq-0:1.6-2.el7.x86_64",
"7Server-RH7-RHOSE-4.10:jq-debuginfo-0:1.6-2.el7.x86_64",
"7Server-RH7-RHOSE-4.10:jq-devel-0:1.6-2.el7.x86_64",
"7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.10:python-boto-0:2.34.0-5.el7.noarch",
"7Server-RH7-RHOSE-4.10:python-boto-0:2.34.0-5.el7.src",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.src",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"8Base-RHOSE-4.10:jenkins-0:2.319.3.1650888800-1.el8.noarch",
"8Base-RHOSE-4.10:jenkins-0:2.319.3.1650888800-1.el8.src",
"8Base-RHOSE-4.10:openshift-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.src",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.s390x",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2074851"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins Subversion plugin. The Jenkins subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored Cross-site scripting (XSS) vulnerability, exploitable by attackers with Item/Configure permission.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "subversion: Stored XSS vulnerabilities in Jenkins subversion plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1650890594-1.el8.noarch",
"8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1650890594-1.el8.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.10:jq-0:1.6-2.el7.src",
"7Server-RH7-RHOSE-4.10:jq-0:1.6-2.el7.x86_64",
"7Server-RH7-RHOSE-4.10:jq-debuginfo-0:1.6-2.el7.x86_64",
"7Server-RH7-RHOSE-4.10:jq-devel-0:1.6-2.el7.x86_64",
"7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7.src",
"7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el7.x86_64",
"7Server-RH7-RHOSE-4.10:python-boto-0:2.34.0-5.el7.noarch",
"7Server-RH7-RHOSE-4.10:python-boto-0:2.34.0-5.el7.src",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.src",
"8Base-RHOSE-4.10:cri-o-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.aarch64",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.ppc64le",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.s390x",
"8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.2-8.rhaos4.10.git8ad5d25.el8.x86_64",
"8Base-RHOSE-4.10:jenkins-0:2.319.3.1650888800-1.el8.noarch",
"8Base-RHOSE-4.10:jenkins-0:2.319.3.1650888800-1.el8.src",
"8Base-RHOSE-4.10:openshift-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.src",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.s390x",
"8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202204251639.p0.g70fb84c.assembly.stream.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29046"
},
{
"category": "external",
"summary": "RHBZ#2074851",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074851"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29046",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29046"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29046",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29046"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-04-12/",
"url": "https://www.jenkins.io/security/advisory/2022-04-12/"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-02T18:23:40+00:00",
"details": "For OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1650890594-1.el8.noarch",
"8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1650890594-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1600"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1650890594-1.el8.noarch",
"8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1650890594-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "subversion: Stored XSS vulnerabilities in Jenkins subversion plugin"
}
]
}
rhsa-2022_2205
Vulnerability from csaf_redhat
Published
2022-05-18 12:03
Modified
2024-11-22 19:21
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.9.33 packages and security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.9.33 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.9.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.33. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2022:2206
Security Fix(es):
* Jira: Stored XSS vulnerabilities in Jenkins Jira plugin (CVE-2022-29041)
* subversion: Stored XSS vulnerabilities in Jenkins subversion plugin
(CVE-2022-29046)
* Pipeline Shared Groovy Libraries: Untrusted users can modify some
Pipeline libraries in Pipeline Shared Groovy Libraries Plugin
(CVE-2022-29047)
* credentials: Stored XSS vulnerabilities in jenkins plugin
(CVE-2022-29036)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
All OpenShift Container Platform 4.9 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.9.33 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.9.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.33. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2022:2206\n\nSecurity Fix(es):\n\n* Jira: Stored XSS vulnerabilities in Jenkins Jira plugin (CVE-2022-29041)\n* subversion: Stored XSS vulnerabilities in Jenkins subversion plugin\n(CVE-2022-29046)\n* Pipeline Shared Groovy Libraries: Untrusted users can modify some\nPipeline libraries in Pipeline Shared Groovy Libraries Plugin\n(CVE-2022-29047)\n* credentials: Stored XSS vulnerabilities in jenkins plugin\n(CVE-2022-29036)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nAll OpenShift Container Platform 4.9 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:2205",
"url": "https://access.redhat.com/errata/RHSA-2022:2205"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2074847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074847"
},
{
"category": "external",
"summary": "2074850",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074850"
},
{
"category": "external",
"summary": "2074851",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074851"
},
{
"category": "external",
"summary": "2074855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074855"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_2205.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.9.33 packages and security update",
"tracking": {
"current_release_date": "2024-11-22T19:21:12+00:00",
"generator": {
"date": "2024-11-22T19:21:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:2205",
"initial_release_date": "2022-05-18T12:03:24+00:00",
"revision_history": [
{
"date": "2022-05-18T12:03:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-05-18T12:03:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T19:21:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.9",
"product": {
"name": "Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.9::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.9",
"product": {
"name": "Red Hat OpenShift Container Platform 4.9",
"product_id": "7Server-RH7-RHOSE-4.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.9::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.src",
"product": {
"name": "cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.src",
"product_id": "cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.22.3-5.rhaos4.9.git388405c.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-0:2.319.3.1651752848-1.el8.src",
"product": {
"name": "jenkins-0:2.319.3.1651752848-1.el8.src",
"product_id": "jenkins-0:2.319.3.1651752848-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.319.3.1651752848-1.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.9.1651754460-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.9.1651754460-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.9.1651754460-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.9.1651754460-1.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.22.3-6.rhaos4.9.git388405c.el7.src",
"product": {
"name": "cri-o-0:1.22.3-6.rhaos4.9.git388405c.el7.src",
"product_id": "cri-o-0:1.22.3-6.rhaos4.9.git388405c.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.22.3-6.rhaos4.9.git388405c.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"product": {
"name": "cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"product_id": "cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.22.3-5.rhaos4.9.git388405c.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"product": {
"name": "cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"product_id": "cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.22.3-5.rhaos4.9.git388405c.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"product": {
"name": "cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"product_id": "cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.22.3-5.rhaos4.9.git388405c.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.22.3-6.rhaos4.9.git388405c.el7.x86_64",
"product": {
"name": "cri-o-0:1.22.3-6.rhaos4.9.git388405c.el7.x86_64",
"product_id": "cri-o-0:1.22.3-6.rhaos4.9.git388405c.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.22.3-6.rhaos4.9.git388405c.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.22.3-6.rhaos4.9.git388405c.el7.x86_64",
"product": {
"name": "cri-o-debuginfo-0:1.22.3-6.rhaos4.9.git388405c.el7.x86_64",
"product_id": "cri-o-debuginfo-0:1.22.3-6.rhaos4.9.git388405c.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.22.3-6.rhaos4.9.git388405c.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"product": {
"name": "cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"product_id": "cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.22.3-5.rhaos4.9.git388405c.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"product": {
"name": "cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"product_id": "cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.22.3-5.rhaos4.9.git388405c.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"product": {
"name": "cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"product_id": "cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.22.3-5.rhaos4.9.git388405c.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"product": {
"name": "cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"product_id": "cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.22.3-5.rhaos4.9.git388405c.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"product": {
"name": "cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"product_id": "cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.22.3-5.rhaos4.9.git388405c.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"product": {
"name": "cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"product_id": "cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.22.3-5.rhaos4.9.git388405c.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"product": {
"name": "cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"product_id": "cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.22.3-5.rhaos4.9.git388405c.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"product": {
"name": "cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"product_id": "cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.22.3-5.rhaos4.9.git388405c.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"product": {
"name": "cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"product_id": "cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.22.3-5.rhaos4.9.git388405c.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.319.3.1651752848-1.el8.noarch",
"product": {
"name": "jenkins-0:2.319.3.1651752848-1.el8.noarch",
"product_id": "jenkins-0:2.319.3.1651752848-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.319.3.1651752848-1.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.9.1651754460-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.9.1651754460-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.9.1651754460-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.9.1651754460-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.22.3-6.rhaos4.9.git388405c.el7.src as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.3-6.rhaos4.9.git388405c.el7.src"
},
"product_reference": "cri-o-0:1.22.3-6.rhaos4.9.git388405c.el7.src",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.22.3-6.rhaos4.9.git388405c.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "7Server-RH7-RHOSE-4.9:cri-o-0:1.22.3-6.rhaos4.9.git388405c.el7.x86_64"
},
"product_reference": "cri-o-0:1.22.3-6.rhaos4.9.git388405c.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.22.3-6.rhaos4.9.git388405c.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-6.rhaos4.9.git388405c.el7.x86_64"
},
"product_reference": "cri-o-debuginfo-0:1.22.3-6.rhaos4.9.git388405c.el7.x86_64",
"relates_to_product_reference": "7Server-RH7-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64"
},
"product_reference": "cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le"
},
"product_reference": "cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x"
},
"product_reference": "cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.src as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.src"
},
"product_reference": "cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64"
},
"product_reference": "cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64"
},
"product_reference": "cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le"
},
"product_reference": "cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x"
},
"product_reference": "cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64"
},
"product_reference": "cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64"
},
"product_reference": "cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le"
},
"product_reference": "cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x"
},
"product_reference": "cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64"
},
"product_reference": "cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.319.3.1651752848-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:jenkins-0:2.319.3.1651752848-1.el8.noarch"
},
"product_reference": "jenkins-0:2.319.3.1651752848-1.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.319.3.1651752848-1.el8.src as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:jenkins-0:2.319.3.1651752848-1.el8.src"
},
"product_reference": "jenkins-0:2.319.3.1651752848-1.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.9.1651754460-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1651754460-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.9.1651754460-1.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.9.1651754460-1.el8.src as a component of Red Hat OpenShift Container Platform 4.9",
"product_id": "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1651754460-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.9.1651754460-1.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-29036",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-04-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.9:cri-o-0:1.22.3-6.rhaos4.9.git388405c.el7.src",
"7Server-RH7-RHOSE-4.9:cri-o-0:1.22.3-6.rhaos4.9.git388405c.el7.x86_64",
"7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-6.rhaos4.9.git388405c.el7.x86_64",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.src",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"8Base-RHOSE-4.9:jenkins-0:2.319.3.1651752848-1.el8.noarch",
"8Base-RHOSE-4.9:jenkins-0:2.319.3.1651752848-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2074847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins credentials plugin. The Jenkins credentials plugin does not escape the name and description of Credentials parameters on views displaying parameters. This issue results in a stored Cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "credentials: Stored XSS vulnerabilities in jenkins plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1651754460-1.el8.noarch",
"8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1651754460-1.el8.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.9:cri-o-0:1.22.3-6.rhaos4.9.git388405c.el7.src",
"7Server-RH7-RHOSE-4.9:cri-o-0:1.22.3-6.rhaos4.9.git388405c.el7.x86_64",
"7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-6.rhaos4.9.git388405c.el7.x86_64",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.src",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"8Base-RHOSE-4.9:jenkins-0:2.319.3.1651752848-1.el8.noarch",
"8Base-RHOSE-4.9:jenkins-0:2.319.3.1651752848-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29036"
},
{
"category": "external",
"summary": "RHBZ#2074847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29036",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29036"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29036",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29036"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-04-12/",
"url": "https://www.jenkins.io/security/advisory/2022-04-12/"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-18T12:03:24+00:00",
"details": "For OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1651754460-1.el8.noarch",
"8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1651754460-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:2205"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1651754460-1.el8.noarch",
"8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1651754460-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "credentials: Stored XSS vulnerabilities in jenkins plugin"
},
{
"cve": "CVE-2022-29041",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-04-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.9:cri-o-0:1.22.3-6.rhaos4.9.git388405c.el7.src",
"7Server-RH7-RHOSE-4.9:cri-o-0:1.22.3-6.rhaos4.9.git388405c.el7.x86_64",
"7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-6.rhaos4.9.git388405c.el7.x86_64",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.src",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"8Base-RHOSE-4.9:jenkins-0:2.319.3.1651752848-1.el8.noarch",
"8Base-RHOSE-4.9:jenkins-0:2.319.3.1651752848-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2074850"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins Jira plugin. The Jenkins Jira plugin does not escape the name and description of a Jira Issue and Jira Release Version parameters on views displaying parameters. This issue results in a stored Cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jira: Stored XSS vulnerabilities in Jenkins Jira plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1651754460-1.el8.noarch",
"8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1651754460-1.el8.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.9:cri-o-0:1.22.3-6.rhaos4.9.git388405c.el7.src",
"7Server-RH7-RHOSE-4.9:cri-o-0:1.22.3-6.rhaos4.9.git388405c.el7.x86_64",
"7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-6.rhaos4.9.git388405c.el7.x86_64",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.src",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"8Base-RHOSE-4.9:jenkins-0:2.319.3.1651752848-1.el8.noarch",
"8Base-RHOSE-4.9:jenkins-0:2.319.3.1651752848-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29041"
},
{
"category": "external",
"summary": "RHBZ#2074850",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074850"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29041",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29041"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-04-12/",
"url": "https://www.jenkins.io/security/advisory/2022-04-12/"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-18T12:03:24+00:00",
"details": "For OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1651754460-1.el8.noarch",
"8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1651754460-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:2205"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1651754460-1.el8.noarch",
"8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1651754460-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Jira: Stored XSS vulnerabilities in Jenkins Jira plugin"
},
{
"cve": "CVE-2022-29046",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-04-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.9:cri-o-0:1.22.3-6.rhaos4.9.git388405c.el7.src",
"7Server-RH7-RHOSE-4.9:cri-o-0:1.22.3-6.rhaos4.9.git388405c.el7.x86_64",
"7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-6.rhaos4.9.git388405c.el7.x86_64",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.src",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"8Base-RHOSE-4.9:jenkins-0:2.319.3.1651752848-1.el8.noarch",
"8Base-RHOSE-4.9:jenkins-0:2.319.3.1651752848-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2074851"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins Subversion plugin. The Jenkins subversion plugin does not escape the name and description of List Subversion tags and parameters on views displaying the parameters. This issue results in a stored Cross-site scripting (XSS) vulnerability, exploitable by attackers with Item/Configure permission.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "subversion: Stored XSS vulnerabilities in Jenkins subversion plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1651754460-1.el8.noarch",
"8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1651754460-1.el8.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.9:cri-o-0:1.22.3-6.rhaos4.9.git388405c.el7.src",
"7Server-RH7-RHOSE-4.9:cri-o-0:1.22.3-6.rhaos4.9.git388405c.el7.x86_64",
"7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-6.rhaos4.9.git388405c.el7.x86_64",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.src",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"8Base-RHOSE-4.9:jenkins-0:2.319.3.1651752848-1.el8.noarch",
"8Base-RHOSE-4.9:jenkins-0:2.319.3.1651752848-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29046"
},
{
"category": "external",
"summary": "RHBZ#2074851",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074851"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29046",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29046"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29046",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29046"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-04-12/",
"url": "https://www.jenkins.io/security/advisory/2022-04-12/"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-18T12:03:24+00:00",
"details": "For OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1651754460-1.el8.noarch",
"8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1651754460-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:2205"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1651754460-1.el8.noarch",
"8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1651754460-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "subversion: Stored XSS vulnerabilities in Jenkins subversion plugin"
},
{
"cve": "CVE-2022-29047",
"cwe": {
"id": "CWE-288",
"name": "Authentication Bypass Using an Alternate Path or Channel"
},
"discovery_date": "2022-04-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH7-RHOSE-4.9:cri-o-0:1.22.3-6.rhaos4.9.git388405c.el7.src",
"7Server-RH7-RHOSE-4.9:cri-o-0:1.22.3-6.rhaos4.9.git388405c.el7.x86_64",
"7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-6.rhaos4.9.git388405c.el7.x86_64",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.src",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"8Base-RHOSE-4.9:jenkins-0:2.319.3.1651752848-1.el8.noarch",
"8Base-RHOSE-4.9:jenkins-0:2.319.3.1651752848-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2074855"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins Pipeline: Shared Groovy Libraries plugin. The Jenkins Pipeline: Shared Groovy Libraries plugin allows attackers to submit pull requests. However, the attacker cannot commit directly to the configured Source Control Management (SCM) to effectively change the Pipeline behavior by changing the definition of a dynamically retrieved library in their pull request, even with the Pipeline configured not to trust them.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Libraries: Untrusted users can modify some Pipeline libraries in Pipeline Shared Groovy Libraries Plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1651754460-1.el8.noarch",
"8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1651754460-1.el8.src"
],
"known_not_affected": [
"7Server-RH7-RHOSE-4.9:cri-o-0:1.22.3-6.rhaos4.9.git388405c.el7.src",
"7Server-RH7-RHOSE-4.9:cri-o-0:1.22.3-6.rhaos4.9.git388405c.el7.x86_64",
"7Server-RH7-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-6.rhaos4.9.git388405c.el7.x86_64",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.src",
"8Base-RHOSE-4.9:cri-o-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"8Base-RHOSE-4.9:cri-o-debuginfo-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.aarch64",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.ppc64le",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.s390x",
"8Base-RHOSE-4.9:cri-o-debugsource-0:1.22.3-5.rhaos4.9.git388405c.el8.x86_64",
"8Base-RHOSE-4.9:jenkins-0:2.319.3.1651752848-1.el8.noarch",
"8Base-RHOSE-4.9:jenkins-0:2.319.3.1651752848-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29047"
},
{
"category": "external",
"summary": "RHBZ#2074855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074855"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29047"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-1951",
"url": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-1951"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-18T12:03:24+00:00",
"details": "For OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html",
"product_ids": [
"8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1651754460-1.el8.noarch",
"8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1651754460-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:2205"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1651754460-1.el8.noarch",
"8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1651754460-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Libraries: Untrusted users can modify some Pipeline libraries in Pipeline Shared Groovy Libraries Plugin"
}
]
}
var-202204-1222
Vulnerability from variot
Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Jenkins Subversion A cross-site scripting vulnerability exists in the plugin.Information may be obtained and information may be tampered with. Jenkins is an open source application software of Jenkins. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: OpenShift Container Platform 3.11.705 security update Advisory ID: RHSA-2022:2280-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2022:2280 Issue date: 2022-05-31 CVE Names: CVE-2022-21698 CVE-2022-29036 CVE-2022-29046 ==================================================================== 1. Summary:
Red Hat OpenShift Container Platform release 3.11.705 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 3.11.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat OpenShift Container Platform 3.11 - noarch, ppc64le, x86_64
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.705. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHSA-2022:2281
Security Fix(es):
- credentials: Stored XSS vulnerabilities in jenkins plugin (CVE-2022-29036)
- subversion: Stored XSS vulnerabilities in Jenkins subversion plugin (CVE-2022-29046)
- prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s)listed in the References section.
All OpenShift Container Platform 3.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/3.11/updating/updating-cluster-cli.html
- Solution:
Before applying this update, ensure all previously released errata relevant to your system is applied.
For OpenShift Container Platform 3.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/3.11/upgrading/index.html
- Bugs fixed (https://bugzilla.redhat.com/):
2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 2069201 - during node scaleup sdn-pod crashloopback could not start DNS, unable to read config file: open /etc/origin/node/resolv.conf: no such file or directory 2071682 - sdn pod is crashing with panic: runtime error: invalid memory address or nil pointer dereference 2074847 - CVE-2022-29036 credentials: Stored XSS vulnerabilities in jenkins plugin 2074851 - CVE-2022-29046 subversion: Stored XSS vulnerabilities in Jenkins subversion plugin
- Package List:
Red Hat OpenShift Container Platform 3.11:
Source: atomic-enterprise-service-catalog-3.11.705-1.g2e6be86.el7.src.rpm atomic-openshift-3.11.705-1.git.0.7a17a5d.el7.src.rpm atomic-openshift-cluster-autoscaler-3.11.705-1.g99b2acf.el7.src.rpm atomic-openshift-descheduler-3.11.705-1.gd435537.el7.src.rpm atomic-openshift-dockerregistry-3.11.705-1.g0fa231c.el7.src.rpm atomic-openshift-metrics-server-3.11.705-1.gf8bf728.el7.src.rpm atomic-openshift-node-problem-detector-3.11.705-1.gc8f26da.el7.src.rpm atomic-openshift-service-idler-3.11.705-1.g39cfc66.el7.src.rpm atomic-openshift-web-console-3.11.705-1.ge59c860.el7.src.rpm golang-github-openshift-oauth-proxy-3.11.705-1.gedebe84.el7.src.rpm golang-github-prometheus-alertmanager-3.11.705-1.g13de638.el7.src.rpm golang-github-prometheus-node_exporter-3.11.705-1.g609cd20.el7.src.rpm golang-github-prometheus-prometheus-3.11.705-1.g99aae51.el7.src.rpm jenkins-2-plugins-3.11.1650628887-1.el7.src.rpm openshift-ansible-3.11.705-1.git.0.ad19a48.el7.src.rpm openshift-enterprise-autoheal-3.11.705-1.gf2f435d.el7.src.rpm openshift-enterprise-cluster-capacity-3.11.705-1.g22be164.el7.src.rpm openshift-kuryr-3.11.705-1.g0c4bf66.el7.src.rpm
noarch: atomic-openshift-docker-excluder-3.11.705-1.git.0.7a17a5d.el7.noarch.rpm atomic-openshift-excluder-3.11.705-1.git.0.7a17a5d.el7.noarch.rpm jenkins-2-plugins-3.11.1650628887-1.el7.noarch.rpm openshift-ansible-3.11.705-1.git.0.ad19a48.el7.noarch.rpm openshift-ansible-docs-3.11.705-1.git.0.ad19a48.el7.noarch.rpm openshift-ansible-playbooks-3.11.705-1.git.0.ad19a48.el7.noarch.rpm openshift-ansible-roles-3.11.705-1.git.0.ad19a48.el7.noarch.rpm openshift-ansible-test-3.11.705-1.git.0.ad19a48.el7.noarch.rpm openshift-kuryr-cni-3.11.705-1.g0c4bf66.el7.noarch.rpm openshift-kuryr-common-3.11.705-1.g0c4bf66.el7.noarch.rpm openshift-kuryr-controller-3.11.705-1.g0c4bf66.el7.noarch.rpm python2-kuryr-kubernetes-3.11.705-1.g0c4bf66.el7.noarch.rpm
ppc64le: atomic-enterprise-service-catalog-3.11.705-1.g2e6be86.el7.ppc64le.rpm atomic-enterprise-service-catalog-svcat-3.11.705-1.g2e6be86.el7.ppc64le.rpm atomic-openshift-3.11.705-1.git.0.7a17a5d.el7.ppc64le.rpm atomic-openshift-clients-3.11.705-1.git.0.7a17a5d.el7.ppc64le.rpm atomic-openshift-cluster-autoscaler-3.11.705-1.g99b2acf.el7.ppc64le.rpm atomic-openshift-descheduler-3.11.705-1.gd435537.el7.ppc64le.rpm atomic-openshift-hyperkube-3.11.705-1.git.0.7a17a5d.el7.ppc64le.rpm atomic-openshift-hypershift-3.11.705-1.git.0.7a17a5d.el7.ppc64le.rpm atomic-openshift-master-3.11.705-1.git.0.7a17a5d.el7.ppc64le.rpm atomic-openshift-metrics-server-3.11.705-1.gf8bf728.el7.ppc64le.rpm atomic-openshift-node-3.11.705-1.git.0.7a17a5d.el7.ppc64le.rpm atomic-openshift-node-problem-detector-3.11.705-1.gc8f26da.el7.ppc64le.rpm atomic-openshift-pod-3.11.705-1.git.0.7a17a5d.el7.ppc64le.rpm atomic-openshift-sdn-ovs-3.11.705-1.git.0.7a17a5d.el7.ppc64le.rpm atomic-openshift-service-idler-3.11.705-1.g39cfc66.el7.ppc64le.rpm atomic-openshift-template-service-broker-3.11.705-1.git.0.7a17a5d.el7.ppc64le.rpm atomic-openshift-tests-3.11.705-1.git.0.7a17a5d.el7.ppc64le.rpm atomic-openshift-web-console-3.11.705-1.ge59c860.el7.ppc64le.rpm golang-github-openshift-oauth-proxy-3.11.705-1.gedebe84.el7.ppc64le.rpm openshift-enterprise-autoheal-3.11.705-1.gf2f435d.el7.ppc64le.rpm openshift-enterprise-cluster-capacity-3.11.705-1.g22be164.el7.ppc64le.rpm prometheus-3.11.705-1.g99aae51.el7.ppc64le.rpm prometheus-alertmanager-3.11.705-1.g13de638.el7.ppc64le.rpm prometheus-node-exporter-3.11.705-1.g609cd20.el7.ppc64le.rpm
x86_64: atomic-enterprise-service-catalog-3.11.705-1.g2e6be86.el7.x86_64.rpm atomic-enterprise-service-catalog-svcat-3.11.705-1.g2e6be86.el7.x86_64.rpm atomic-openshift-3.11.705-1.git.0.7a17a5d.el7.x86_64.rpm atomic-openshift-clients-3.11.705-1.git.0.7a17a5d.el7.x86_64.rpm atomic-openshift-clients-redistributable-3.11.705-1.git.0.7a17a5d.el7.x86_64.rpm atomic-openshift-cluster-autoscaler-3.11.705-1.g99b2acf.el7.x86_64.rpm atomic-openshift-descheduler-3.11.705-1.gd435537.el7.x86_64.rpm atomic-openshift-dockerregistry-3.11.705-1.g0fa231c.el7.x86_64.rpm atomic-openshift-hyperkube-3.11.705-1.git.0.7a17a5d.el7.x86_64.rpm atomic-openshift-hypershift-3.11.705-1.git.0.7a17a5d.el7.x86_64.rpm atomic-openshift-master-3.11.705-1.git.0.7a17a5d.el7.x86_64.rpm atomic-openshift-metrics-server-3.11.705-1.gf8bf728.el7.x86_64.rpm atomic-openshift-node-3.11.705-1.git.0.7a17a5d.el7.x86_64.rpm atomic-openshift-node-problem-detector-3.11.705-1.gc8f26da.el7.x86_64.rpm atomic-openshift-pod-3.11.705-1.git.0.7a17a5d.el7.x86_64.rpm atomic-openshift-sdn-ovs-3.11.705-1.git.0.7a17a5d.el7.x86_64.rpm atomic-openshift-service-idler-3.11.705-1.g39cfc66.el7.x86_64.rpm atomic-openshift-template-service-broker-3.11.705-1.git.0.7a17a5d.el7.x86_64.rpm atomic-openshift-tests-3.11.705-1.git.0.7a17a5d.el7.x86_64.rpm atomic-openshift-web-console-3.11.705-1.ge59c860.el7.x86_64.rpm golang-github-openshift-oauth-proxy-3.11.705-1.gedebe84.el7.x86_64.rpm openshift-enterprise-autoheal-3.11.705-1.gf2f435d.el7.x86_64.rpm openshift-enterprise-cluster-capacity-3.11.705-1.g22be164.el7.x86_64.rpm prometheus-3.11.705-1.g99aae51.el7.x86_64.rpm prometheus-alertmanager-3.11.705-1.g13de638.el7.x86_64.rpm prometheus-node-exporter-3.11.705-1.g609cd20.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-21698 https://access.redhat.com/security/cve/CVE-2022-29036 https://access.redhat.com/security/cve/CVE-2022-29046 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. Bugs fixed (https://bugzilla.redhat.com/):
2076211 - CVE-2022-1677 openshift/router: route hijacking attack via crafted HAProxy configuration file 2086938 - Placeholder bug for OCP 3.11.z image release
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-07-20-2 macOS Monterey 12.5
macOS Monterey 12.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213345.
APFS Available for: macOS Monterey Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32832: Tommy Muir (@Muirey03)
AppleMobileFileIntegrity Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: An authorization issue was addressed with improved state management. CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro
Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32810: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32840: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to break out of its sandbox Description: This issue was addressed with improved checks. CVE-2022-32845: Mohamed Ghannam (@_simo36)
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: This issue was addressed with improved checks. CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu Security, Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security CVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security CVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security
Audio Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32820: an anonymous researcher
Audio Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32825: John Aakerblom (@jaakerblom)
Automation Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved checks. CVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Calendar Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: The issue was addressed with improved handling of caches. CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security
CoreMedia Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)
CoreText Available for: macOS Monterey Impact: A remote user may cause an unexpected app termination or arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32839: STAR Labs (@starlabs_sg)
File System Events Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2022-32819: Joshua Mason of Mandiant
GPU Drivers Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: Multiple out-of-bounds write issues were addressed with improved bounds checking. CVE-2022-32793: an anonymous researcher
GPU Drivers Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-32821: John Aakerblom (@jaakerblom)
iCloud Photo Library Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2022-32849: Joshua Jones
ICU Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may result in disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2022-32841: hjy79425575 ImageIO Available for: macOS Monterey Impact: Processing an image may lead to a denial-of-service Description: A null pointer dereference was addressed with improved validation. CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit)
Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2022-32811: ABC Research s.r.o
Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o.
Kernel Available for: macOS Monterey Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32813: Xinru Chi of Pangu Lab CVE-2022-32815: Xinru Chi of Pangu Lab
Kernel Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32817: Xinru Chi of Pangu Lab
Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32829: an anonymous researcher
Liblouis Available for: macOS Monterey Impact: An app may cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn)
libxml2 Available for: macOS Monterey Impact: An app may be able to leak sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-32823
Multi-Touch Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)
Multi-Touch Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)
PackageKit Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: An issue in the handling of environment variables was addressed with improved validation. CVE-2022-32786: Mickey Jin (@patch1t)
PackageKit Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed with improved checks. CVE-2022-32800: Mickey Jin (@patch1t)
PluginKit Available for: macOS Monterey Impact: An app may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro
PS Normalizer Available for: macOS Monterey Impact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz
SMB Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32796: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32798: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: A user in a privileged network position may be able to leak sensitive information Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32818: Sreejith Krishnan R (@skr0x1c0)
Software Update Available for: macOS Monterey Impact: A user in a privileged network position can track a user’s activity Description: This issue was addressed by using HTTPS when sending information over the network. CVE-2022-32857: Jeffrey Paul (sneak.berlin)
Spindump Available for: macOS Monterey Impact: An app may be able to overwrite arbitrary files Description: This issue was addressed with improved file handling. CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Spotlight Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: This issue was addressed with improved checks. CVE-2022-32801: Joshua Mason (@josh@jhu.edu)
subversion Available for: macOS Monterey Impact: Multiple issues in subversion Description: Multiple issues were addressed by updating subversion. CVE-2021-28544: Evgeny Kotkov, visualsvn.com CVE-2022-24070: Evgeny Kotkov, visualsvn.com CVE-2022-29046: Evgeny Kotkov, visualsvn.com CVE-2022-29048: Evgeny Kotkov, visualsvn.com
TCC Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: An access issue was addressed with improvements to the sandbox. CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
WebKit Available for: macOS Monterey Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 239316 CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. WebKit Bugzilla: 240720 CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative
WebRTC Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 242339 CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team
Wi-Fi Available for: macOS Monterey Impact: An app may be able to cause unexpected system termination or write kernel memory Description: This issue was addressed with improved checks. CVE-2022-32837: Wang Yu of Cyberserval
Wi-Fi Available for: macOS Monterey Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: This issue was addressed with improved checks. CVE-2022-32847: Wang Yu of Cyberserval
Windows Server Available for: macOS Monterey Impact: An app may be able to capture a user’s screen Description: A logic issue was addressed with improved checks. CVE-2022-32848: Jeremy Legendre of MacEnhance
Additional recognition
802.1X We would like to acknowledge Shin Sun of National Taiwan University for their assistance.
AppleMobileFileIntegrity We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
Calendar We would like to acknowledge Joshua Jones for their assistance.
configd We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
DiskArbitration We would like to acknowledge Mike Cush for their assistance.
macOS Monterey 12.5 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYiL4ACgkQeC9qKD1p rhhjpQ//TQX1ihtXRIjFpPOViMy6IxuLE1CsKFxq5MweXelbPB/UdeUl/zL5G54b /Lx2XYKoWj6u27FCO0BHxBqtYbAd6sfx70VLCk5W6gyk/yCi0n3zh7BvRvWB/Ugh 6NuHB39a1kbbjLLoQPbW0L6egdrCfqP/+ZujqjKl7xI58nda9jMHJC1ns87KQoDn Er5SAGf7M2ErGNzOFqvXjpJYvGsrKJyfqNxp99H/sPlzu7URX9Gq3f3n1o55IUUa mcxlBPDfUmDQPjdSqw/BprQkDOvp0fzmTy+phB0fkgmvVJ8EmEJAoilL4SyH4uW9 V1GD9rtjUKh7G/gSFAo7y0HBDQoM+E9hA+4PPlH2o1nUOAl6BRWUka6jf4yaqrpr pfo1K2hPQj1g4MMZFCDWkJ+7V1+1GTQ9WlagL5gB3QaKefiSG4cTnL06Y8zn38TD TY3JrdqUI7Pzugu+FuHs7P168yNIGXTscb1ptrVlaVBaVuyICmEcKX4HS+I5o30q WqCOaRoaa6WRqBwNEy7zVAExjSPt7t8ZWt85avWSt+rLxNGiVkPrpHu4fE+V2IAV fz1VA4S/w69h9uJHXdcG+QfvNxX+zj/vljF6DK3dyQ957Mqfyr2y9ojSbdf6vo4n DJFXNxbEk35loy/kDDidC1C1sFKY+JeQF7ZBi0/QOyuSdSdJrSg= =ibIr -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-1222",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "subversion",
"scope": "lte",
"trust": 1.0,
"vendor": "jenkins",
"version": "2.15.3"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.5"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "subversion",
"scope": null,
"trust": 0.8,
"vendor": "jenkins \u30d7\u30ed\u30b8\u30a7\u30af\u30c8",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-009374"
},
{
"db": "NVD",
"id": "CVE-2022-29046"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:jenkins:subversion:*:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"versionEndIncluding": "2.15.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.5",
"versionStartIncluding": "12.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-29046"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "167220"
},
{
"db": "PACKETSTORM",
"id": "167320"
},
{
"db": "PACKETSTORM",
"id": "167548"
},
{
"db": "PACKETSTORM",
"id": "167462"
},
{
"db": "PACKETSTORM",
"id": "167327"
}
],
"trust": 0.5
},
"cve": "CVE-2022-29046",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-29046",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-420580",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2022-29046",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-29046",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-2960",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-420580",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2022-29046",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420580"
},
{
"db": "VULMON",
"id": "CVE-2022-29046"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009374"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2960"
},
{
"db": "NVD",
"id": "CVE-2022-29046"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Jenkins Subversion A cross-site scripting vulnerability exists in the plugin.Information may be obtained and information may be tampered with. Jenkins is an open source application software of Jenkins. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 3.11.705 security update\nAdvisory ID: RHSA-2022:2280-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:2280\nIssue date: 2022-05-31\nCVE Names: CVE-2022-21698 CVE-2022-29036 CVE-2022-29046\n====================================================================\n1. Summary:\n\nRed Hat OpenShift Container Platform release 3.11.705 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nThis release includes a security update for Red Hat OpenShift Container\nPlatform 3.11. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat OpenShift Container Platform 3.11 - noarch, ppc64le, x86_64\n\n3. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 3.11.705. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHSA-2022:2281\n\nSecurity Fix(es):\n\n* credentials: Stored XSS vulnerabilities in jenkins plugin\n(CVE-2022-29036)\n* subversion: Stored XSS vulnerabilities in Jenkins subversion plugin\n(CVE-2022-29046)\n* prometheus/client_golang: Denial of service using\nInstrumentHandlerCounter (CVE-2022-21698)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s)listed in the References section. \n\nAll OpenShift Container Platform 3.11 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/3.11/updating/updating-cluster-cli.html\n\n4. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system is applied. \n\nFor OpenShift Container Platform 3.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/3.11/upgrading/index.html\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2069201 - during node scaleup sdn-pod crashloopback could not start DNS, unable to read config file: open /etc/origin/node/resolv.conf: no such file or directory\n2071682 - sdn pod is crashing with panic: runtime error: invalid memory address or nil pointer dereference\n2074847 - CVE-2022-29036 credentials: Stored XSS vulnerabilities in jenkins plugin\n2074851 - CVE-2022-29046 subversion: Stored XSS vulnerabilities in Jenkins subversion plugin\n\n6. Package List:\n\nRed Hat OpenShift Container Platform 3.11:\n\nSource:\natomic-enterprise-service-catalog-3.11.705-1.g2e6be86.el7.src.rpm\natomic-openshift-3.11.705-1.git.0.7a17a5d.el7.src.rpm\natomic-openshift-cluster-autoscaler-3.11.705-1.g99b2acf.el7.src.rpm\natomic-openshift-descheduler-3.11.705-1.gd435537.el7.src.rpm\natomic-openshift-dockerregistry-3.11.705-1.g0fa231c.el7.src.rpm\natomic-openshift-metrics-server-3.11.705-1.gf8bf728.el7.src.rpm\natomic-openshift-node-problem-detector-3.11.705-1.gc8f26da.el7.src.rpm\natomic-openshift-service-idler-3.11.705-1.g39cfc66.el7.src.rpm\natomic-openshift-web-console-3.11.705-1.ge59c860.el7.src.rpm\ngolang-github-openshift-oauth-proxy-3.11.705-1.gedebe84.el7.src.rpm\ngolang-github-prometheus-alertmanager-3.11.705-1.g13de638.el7.src.rpm\ngolang-github-prometheus-node_exporter-3.11.705-1.g609cd20.el7.src.rpm\ngolang-github-prometheus-prometheus-3.11.705-1.g99aae51.el7.src.rpm\njenkins-2-plugins-3.11.1650628887-1.el7.src.rpm\nopenshift-ansible-3.11.705-1.git.0.ad19a48.el7.src.rpm\nopenshift-enterprise-autoheal-3.11.705-1.gf2f435d.el7.src.rpm\nopenshift-enterprise-cluster-capacity-3.11.705-1.g22be164.el7.src.rpm\nopenshift-kuryr-3.11.705-1.g0c4bf66.el7.src.rpm\n\nnoarch:\natomic-openshift-docker-excluder-3.11.705-1.git.0.7a17a5d.el7.noarch.rpm\natomic-openshift-excluder-3.11.705-1.git.0.7a17a5d.el7.noarch.rpm\njenkins-2-plugins-3.11.1650628887-1.el7.noarch.rpm\nopenshift-ansible-3.11.705-1.git.0.ad19a48.el7.noarch.rpm\nopenshift-ansible-docs-3.11.705-1.git.0.ad19a48.el7.noarch.rpm\nopenshift-ansible-playbooks-3.11.705-1.git.0.ad19a48.el7.noarch.rpm\nopenshift-ansible-roles-3.11.705-1.git.0.ad19a48.el7.noarch.rpm\nopenshift-ansible-test-3.11.705-1.git.0.ad19a48.el7.noarch.rpm\nopenshift-kuryr-cni-3.11.705-1.g0c4bf66.el7.noarch.rpm\nopenshift-kuryr-common-3.11.705-1.g0c4bf66.el7.noarch.rpm\nopenshift-kuryr-controller-3.11.705-1.g0c4bf66.el7.noarch.rpm\npython2-kuryr-kubernetes-3.11.705-1.g0c4bf66.el7.noarch.rpm\n\nppc64le:\natomic-enterprise-service-catalog-3.11.705-1.g2e6be86.el7.ppc64le.rpm\natomic-enterprise-service-catalog-svcat-3.11.705-1.g2e6be86.el7.ppc64le.rpm\natomic-openshift-3.11.705-1.git.0.7a17a5d.el7.ppc64le.rpm\natomic-openshift-clients-3.11.705-1.git.0.7a17a5d.el7.ppc64le.rpm\natomic-openshift-cluster-autoscaler-3.11.705-1.g99b2acf.el7.ppc64le.rpm\natomic-openshift-descheduler-3.11.705-1.gd435537.el7.ppc64le.rpm\natomic-openshift-hyperkube-3.11.705-1.git.0.7a17a5d.el7.ppc64le.rpm\natomic-openshift-hypershift-3.11.705-1.git.0.7a17a5d.el7.ppc64le.rpm\natomic-openshift-master-3.11.705-1.git.0.7a17a5d.el7.ppc64le.rpm\natomic-openshift-metrics-server-3.11.705-1.gf8bf728.el7.ppc64le.rpm\natomic-openshift-node-3.11.705-1.git.0.7a17a5d.el7.ppc64le.rpm\natomic-openshift-node-problem-detector-3.11.705-1.gc8f26da.el7.ppc64le.rpm\natomic-openshift-pod-3.11.705-1.git.0.7a17a5d.el7.ppc64le.rpm\natomic-openshift-sdn-ovs-3.11.705-1.git.0.7a17a5d.el7.ppc64le.rpm\natomic-openshift-service-idler-3.11.705-1.g39cfc66.el7.ppc64le.rpm\natomic-openshift-template-service-broker-3.11.705-1.git.0.7a17a5d.el7.ppc64le.rpm\natomic-openshift-tests-3.11.705-1.git.0.7a17a5d.el7.ppc64le.rpm\natomic-openshift-web-console-3.11.705-1.ge59c860.el7.ppc64le.rpm\ngolang-github-openshift-oauth-proxy-3.11.705-1.gedebe84.el7.ppc64le.rpm\nopenshift-enterprise-autoheal-3.11.705-1.gf2f435d.el7.ppc64le.rpm\nopenshift-enterprise-cluster-capacity-3.11.705-1.g22be164.el7.ppc64le.rpm\nprometheus-3.11.705-1.g99aae51.el7.ppc64le.rpm\nprometheus-alertmanager-3.11.705-1.g13de638.el7.ppc64le.rpm\nprometheus-node-exporter-3.11.705-1.g609cd20.el7.ppc64le.rpm\n\nx86_64:\natomic-enterprise-service-catalog-3.11.705-1.g2e6be86.el7.x86_64.rpm\natomic-enterprise-service-catalog-svcat-3.11.705-1.g2e6be86.el7.x86_64.rpm\natomic-openshift-3.11.705-1.git.0.7a17a5d.el7.x86_64.rpm\natomic-openshift-clients-3.11.705-1.git.0.7a17a5d.el7.x86_64.rpm\natomic-openshift-clients-redistributable-3.11.705-1.git.0.7a17a5d.el7.x86_64.rpm\natomic-openshift-cluster-autoscaler-3.11.705-1.g99b2acf.el7.x86_64.rpm\natomic-openshift-descheduler-3.11.705-1.gd435537.el7.x86_64.rpm\natomic-openshift-dockerregistry-3.11.705-1.g0fa231c.el7.x86_64.rpm\natomic-openshift-hyperkube-3.11.705-1.git.0.7a17a5d.el7.x86_64.rpm\natomic-openshift-hypershift-3.11.705-1.git.0.7a17a5d.el7.x86_64.rpm\natomic-openshift-master-3.11.705-1.git.0.7a17a5d.el7.x86_64.rpm\natomic-openshift-metrics-server-3.11.705-1.gf8bf728.el7.x86_64.rpm\natomic-openshift-node-3.11.705-1.git.0.7a17a5d.el7.x86_64.rpm\natomic-openshift-node-problem-detector-3.11.705-1.gc8f26da.el7.x86_64.rpm\natomic-openshift-pod-3.11.705-1.git.0.7a17a5d.el7.x86_64.rpm\natomic-openshift-sdn-ovs-3.11.705-1.git.0.7a17a5d.el7.x86_64.rpm\natomic-openshift-service-idler-3.11.705-1.g39cfc66.el7.x86_64.rpm\natomic-openshift-template-service-broker-3.11.705-1.git.0.7a17a5d.el7.x86_64.rpm\natomic-openshift-tests-3.11.705-1.git.0.7a17a5d.el7.x86_64.rpm\natomic-openshift-web-console-3.11.705-1.ge59c860.el7.x86_64.rpm\ngolang-github-openshift-oauth-proxy-3.11.705-1.gedebe84.el7.x86_64.rpm\nopenshift-enterprise-autoheal-3.11.705-1.gf2f435d.el7.x86_64.rpm\nopenshift-enterprise-cluster-capacity-3.11.705-1.g22be164.el7.x86_64.rpm\nprometheus-3.11.705-1.g99aae51.el7.x86_64.rpm\nprometheus-alertmanager-3.11.705-1.g13de638.el7.x86_64.rpm\nprometheus-node-exporter-3.11.705-1.g609cd20.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-21698\nhttps://access.redhat.com/security/cve/CVE-2022-29036\nhttps://access.redhat.com/security/cve/CVE-2022-29046\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. Bugs fixed (https://bugzilla.redhat.com/):\n\n2076211 - CVE-2022-1677 openshift/router: route hijacking attack via crafted HAProxy configuration file\n2086938 - Placeholder bug for OCP 3.11.z image release\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-07-20-2 macOS Monterey 12.5\n\nmacOS Monterey 12.5 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213345. \n\nAPFS\nAvailable for: macOS Monterey\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32832: Tommy Muir (@Muirey03)\n\nAppleMobileFileIntegrity\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro\n\nApple Neural Engine\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32810: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32840: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: macOS Monterey\nImpact: An app may be able to break out of its sandbox\nDescription: This issue was addressed with improved checks. \nCVE-2022-32845: Mohamed Ghannam (@_simo36)\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu\nSecurity, Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security\nCVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security\nCVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security\n\nAudio\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-32820: an anonymous researcher\n\nAudio\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32825: John Aakerblom (@jaakerblom)\n\nAutomation\nAvailable for: macOS Monterey\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nCalendar\nAvailable for: macOS Monterey\nImpact: An app may be able to access sensitive user information\nDescription: The issue was addressed with improved handling of\ncaches. \nCVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security\n\nCoreMedia\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom\n(@jaakerblom)\n\nCoreText\nAvailable for: macOS Monterey\nImpact: A remote user may cause an unexpected app termination or\narbitrary code execution\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32839: STAR Labs (@starlabs_sg)\n\nFile System Events\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32819: Joshua Mason of Mandiant\n\nGPU Drivers\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: Multiple out-of-bounds write issues were addressed with\nimproved bounds checking. \nCVE-2022-32793: an anonymous researcher\n\nGPU Drivers\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-32821: John Aakerblom (@jaakerblom)\n\niCloud Photo Library\nAvailable for: macOS Monterey\nImpact: An app may be able to access sensitive user information\nDescription: An information disclosure issue was addressed by\nremoving the vulnerable code. \nCVE-2022-32849: Joshua Jones\n\nICU\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may result in\ndisclosure of process memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32841: hjy79425575\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing an image may lead to a denial-of-service\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-32785: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption vulnerability was addressed with\nimproved locking. \nCVE-2022-32811: ABC Research s.r.o\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o. \n\nKernel\nAvailable for: macOS Monterey\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32813: Xinru Chi of Pangu Lab\nCVE-2022-32815: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32817: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32829: an anonymous researcher\n\nLiblouis\nAvailable for: macOS Monterey\nImpact: An app may cause unexpected app termination or arbitrary code\nexecution\nDescription: This issue was addressed with improved checks. \nCVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China\n(nipc.org.cn)\n\nlibxml2\nAvailable for: macOS Monterey\nImpact: An app may be able to leak sensitive user information\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2022-32823\n\nMulti-Touch\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\nMulti-Touch\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: An issue in the handling of environment variables was\naddressed with improved validation. \nCVE-2022-32786: Mickey Jin (@patch1t)\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed with improved checks. \nCVE-2022-32800: Mickey Jin (@patch1t)\n\nPluginKit\nAvailable for: macOS Monterey\nImpact: An app may be able to read arbitrary files\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro\n\nPS Normalizer\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted Postscript file may result\nin unexpected app termination or disclosure of process memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32843: Kai Lu of Zscaler\u0027s ThreatLabz\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32796: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to gain elevated privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-32798: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: A user in a privileged network position may be able to leak\nsensitive information\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32818: Sreejith Krishnan R (@skr0x1c0)\n\nSoftware Update\nAvailable for: macOS Monterey\nImpact: A user in a privileged network position can track a user\u2019s\nactivity\nDescription: This issue was addressed by using HTTPS when sending\ninformation over the network. \nCVE-2022-32857: Jeffrey Paul (sneak.berlin)\n\nSpindump\nAvailable for: macOS Monterey\nImpact: An app may be able to overwrite arbitrary files\nDescription: This issue was addressed with improved file handling. \nCVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nSpotlight\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32801: Joshua Mason (@josh@jhu.edu)\n\nsubversion\nAvailable for: macOS Monterey\nImpact: Multiple issues in subversion\nDescription: Multiple issues were addressed by updating subversion. \nCVE-2021-28544: Evgeny Kotkov, visualsvn.com\nCVE-2022-24070: Evgeny Kotkov, visualsvn.com\nCVE-2022-29046: Evgeny Kotkov, visualsvn.com\nCVE-2022-29048: Evgeny Kotkov, visualsvn.com\n\nTCC\nAvailable for: macOS Monterey\nImpact: An app may be able to access sensitive user information\nDescription: An access issue was addressed with improvements to the\nsandbox. \nCVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Visiting a website that frames malicious content may lead to\nUI spoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 239316\nCVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nWebKit Bugzilla: 240720\nCVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero\nDay Initiative\n\nWebRTC\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution. \nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 242339\nCVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: An app may be able to cause unexpected system termination or\nwrite kernel memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32837: Wang Yu of Cyberserval\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A remote user may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32847: Wang Yu of Cyberserval\n\nWindows Server\nAvailable for: macOS Monterey\nImpact: An app may be able to capture a user\u2019s screen\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32848: Jeremy Legendre of MacEnhance\n\nAdditional recognition\n\n802.1X\nWe would like to acknowledge Shin Sun of National Taiwan University\nfor their assistance. \n\nAppleMobileFileIntegrity\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a\n(@_r3ggi) of SecuRing for their assistance. \n\nCalendar\nWe would like to acknowledge Joshua Jones for their assistance. \n\nconfigd\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a\n(@_r3ggi) of SecuRing for their assistance. \n\nDiskArbitration\nWe would like to acknowledge Mike Cush for their assistance. \n\nmacOS Monterey 12.5 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYiL4ACgkQeC9qKD1p\nrhhjpQ//TQX1ihtXRIjFpPOViMy6IxuLE1CsKFxq5MweXelbPB/UdeUl/zL5G54b\n/Lx2XYKoWj6u27FCO0BHxBqtYbAd6sfx70VLCk5W6gyk/yCi0n3zh7BvRvWB/Ugh\n6NuHB39a1kbbjLLoQPbW0L6egdrCfqP/+ZujqjKl7xI58nda9jMHJC1ns87KQoDn\nEr5SAGf7M2ErGNzOFqvXjpJYvGsrKJyfqNxp99H/sPlzu7URX9Gq3f3n1o55IUUa\nmcxlBPDfUmDQPjdSqw/BprQkDOvp0fzmTy+phB0fkgmvVJ8EmEJAoilL4SyH4uW9\nV1GD9rtjUKh7G/gSFAo7y0HBDQoM+E9hA+4PPlH2o1nUOAl6BRWUka6jf4yaqrpr\npfo1K2hPQj1g4MMZFCDWkJ+7V1+1GTQ9WlagL5gB3QaKefiSG4cTnL06Y8zn38TD\nTY3JrdqUI7Pzugu+FuHs7P168yNIGXTscb1ptrVlaVBaVuyICmEcKX4HS+I5o30q\nWqCOaRoaa6WRqBwNEy7zVAExjSPt7t8ZWt85avWSt+rLxNGiVkPrpHu4fE+V2IAV\nfz1VA4S/w69h9uJHXdcG+QfvNxX+zj/vljF6DK3dyQ957Mqfyr2y9ojSbdf6vo4n\nDJFXNxbEk35loy/kDDidC1C1sFKY+JeQF7ZBi0/QOyuSdSdJrSg=\n=ibIr\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-29046"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009374"
},
{
"db": "VULHUB",
"id": "VHN-420580"
},
{
"db": "VULMON",
"id": "CVE-2022-29046"
},
{
"db": "PACKETSTORM",
"id": "167220"
},
{
"db": "PACKETSTORM",
"id": "167320"
},
{
"db": "PACKETSTORM",
"id": "167548"
},
{
"db": "PACKETSTORM",
"id": "167462"
},
{
"db": "PACKETSTORM",
"id": "167327"
},
{
"db": "PACKETSTORM",
"id": "167787"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-29046",
"trust": 4.0
},
{
"db": "PACKETSTORM",
"id": "167327",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167548",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167220",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167462",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167787",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009374",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.2472",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3009",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3559",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2883",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2673",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072101",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041333",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022053122",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022061218",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022061806",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2960",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "167320",
"trust": 0.2
},
{
"db": "CNVD",
"id": "CNVD-2022-79936",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-420580",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-29046",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420580"
},
{
"db": "VULMON",
"id": "CVE-2022-29046"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009374"
},
{
"db": "PACKETSTORM",
"id": "167220"
},
{
"db": "PACKETSTORM",
"id": "167320"
},
{
"db": "PACKETSTORM",
"id": "167548"
},
{
"db": "PACKETSTORM",
"id": "167462"
},
{
"db": "PACKETSTORM",
"id": "167327"
},
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2960"
},
{
"db": "NVD",
"id": "CVE-2022-29046"
}
]
},
"id": "VAR-202204-1222",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-420580"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-12T23:54:27.987000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Jenkins\u00a0Security\u00a0Advisory\u00a02022-04-12\u00a0(SECURITY-2617) Apple Apple\u00a0Security\u00a0Updates",
"trust": 0.8,
"url": "https://www.jenkins.io/security/advisory/2022-04-12/#security-2617"
},
{
"title": "Jenkins Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=189288"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 4.7.52 paackages and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20224909 - security advisory"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 3.11.705 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20222280 - security advisory"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 4.6.59 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20224947 - security advisory"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2022-29046"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 4.9.33 packages and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20222205 - security advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 3.11.705 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20222281 - security advisory"
},
{
"title": "Apple: macOS Monterey 12.5",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=c765c13fa342a7957a4e91e6dc3d34f4"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-29046"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009374"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2960"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420580"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009374"
},
{
"db": "NVD",
"id": "CVE-2022-29046"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213345"
},
{
"trust": 1.8,
"url": "https://www.jenkins.io/security/advisory/2022-04-12/#security-2617"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/jul/18"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29046"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29046"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3009"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3559"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167787/apple-security-advisory-2022-07-20-2.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072101"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041333"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167327/red-hat-security-advisory-2022-2281-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022061806"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213345"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167462/red-hat-security-advisory-2022-4909-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022061218"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022053122"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-29046/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2472"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167548/red-hat-security-advisory-2022-4947-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2673"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167220/red-hat-security-advisory-2022-2205-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2883"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/jenkins-plugins-multiple-vulnerabilities-38026"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-29036"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29036"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2022:4909"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29047"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-29047"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2022:2281"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/3.11/upgrading/index.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-21698"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21698"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2022:2280"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2022:2206"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29041"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29041"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/3.11/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:4947"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2022:4948"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1708"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1708"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2022:4910"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21426"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21443"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21476"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1271"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21496"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/3.11/release_notes/ocp-3-11-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1677"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21496"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21443"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1677"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21426"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21476"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24070"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2294"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213345."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32792"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29048"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32793"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26981"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28544"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32789"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32787"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht201222."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420580"
},
{
"db": "VULMON",
"id": "CVE-2022-29046"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009374"
},
{
"db": "PACKETSTORM",
"id": "167220"
},
{
"db": "PACKETSTORM",
"id": "167320"
},
{
"db": "PACKETSTORM",
"id": "167548"
},
{
"db": "PACKETSTORM",
"id": "167462"
},
{
"db": "PACKETSTORM",
"id": "167327"
},
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2960"
},
{
"db": "NVD",
"id": "CVE-2022-29046"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-420580"
},
{
"db": "VULMON",
"id": "CVE-2022-29046"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009374"
},
{
"db": "PACKETSTORM",
"id": "167220"
},
{
"db": "PACKETSTORM",
"id": "167320"
},
{
"db": "PACKETSTORM",
"id": "167548"
},
{
"db": "PACKETSTORM",
"id": "167462"
},
{
"db": "PACKETSTORM",
"id": "167327"
},
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2960"
},
{
"db": "NVD",
"id": "CVE-2022-29046"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-12T00:00:00",
"db": "VULHUB",
"id": "VHN-420580"
},
{
"date": "2022-04-12T00:00:00",
"db": "VULMON",
"id": "CVE-2022-29046"
},
{
"date": "2023-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-009374"
},
{
"date": "2022-05-19T15:52:21",
"db": "PACKETSTORM",
"id": "167220"
},
{
"date": "2022-05-31T17:21:15",
"db": "PACKETSTORM",
"id": "167320"
},
{
"date": "2022-06-20T16:04:41",
"db": "PACKETSTORM",
"id": "167548"
},
{
"date": "2022-06-10T14:17:13",
"db": "PACKETSTORM",
"id": "167462"
},
{
"date": "2022-05-31T17:24:16",
"db": "PACKETSTORM",
"id": "167327"
},
{
"date": "2022-07-22T16:22:49",
"db": "PACKETSTORM",
"id": "167787"
},
{
"date": "2022-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2960"
},
{
"date": "2022-04-12T20:15:09.567000",
"db": "NVD",
"id": "CVE-2022-29046"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-27T00:00:00",
"db": "VULHUB",
"id": "VHN-420580"
},
{
"date": "2023-11-02T00:00:00",
"db": "VULMON",
"id": "CVE-2022-29046"
},
{
"date": "2023-08-04T07:46:00",
"db": "JVNDB",
"id": "JVNDB-2022-009374"
},
{
"date": "2022-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2960"
},
{
"date": "2023-11-02T22:00:06.127000",
"db": "NVD",
"id": "CVE-2022-29046"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2960"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jenkins\u00a0Subversion\u00a0 Cross-site scripting vulnerability in plugins",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-009374"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "167220"
},
{
"db": "PACKETSTORM",
"id": "167320"
},
{
"db": "PACKETSTORM",
"id": "167548"
},
{
"db": "PACKETSTORM",
"id": "167462"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2960"
}
],
"trust": 1.0
}
}
wid-sec-w-2022-0265
Vulnerability from csaf_certbund
Published
2022-04-12 22:00
Modified
2023-03-06 23:00
Summary
Jenkins: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Jenkins ist ein erweiterbarer, webbasierter Integration Server zur kontinuierlichen Unterstützung bei Softwareentwicklungen aller Art.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Jenkins ausnutzen, um vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen und Dateien zu manipulieren.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Jenkins ist ein erweiterbarer, webbasierter Integration Server zur kontinuierlichen Unterst\u00fctzung bei Softwareentwicklungen aller Art.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Jenkins ausnutzen, um vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Dateien zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0265 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0265.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0265 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0265"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1064 vom 2023-03-06",
"url": "https://access.redhat.com/errata/RHSA-2023:1064"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:2280 vom 2022-05-31",
"url": "https://access.redhat.com/errata/RHSA-2022:2280"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:2205 vom 2022-05-19",
"url": "https://access.redhat.com/errata/RHSA-2022:2205"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:4947 vom 2022-06-17",
"url": "https://access.redhat.com/errata/RHSA-2022:4947"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:4909 vom 2022-06-10",
"url": "https://access.redhat.com/errata/RHSA-2022:4909"
},
{
"category": "external",
"summary": "Jenkins Security Advisory vom 2022-04-12",
"url": "https://www.jenkins.io/security/advisory/2022-04-12/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:2281 vom 2022-05-31",
"url": "https://access.redhat.com/errata/RHSA-2022:2281"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0017 vom 2023-01-12",
"url": "https://access.redhat.com/errata/RHSA-2023:0017"
}
],
"source_lang": "en-US",
"title": "Jenkins: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-03-06T23:00:00.000+00:00",
"generator": {
"date": "2024-02-15T16:47:47.876+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2022-0265",
"initial_release_date": "2022-04-12T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-04-12T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-05-18T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-05-30T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-05-31T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-06-09T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-06-19T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-01-12T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-03-06T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "8"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Jenkins Jenkins",
"product": {
"name": "Jenkins Jenkins",
"product_id": "T015880",
"product_identification_helper": {
"cpe": "cpe:/a:cloudbees:jenkins:-"
}
}
}
],
"category": "vendor",
"name": "Jenkins"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-2601",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Jenkins. Die Fehler befinden sich in den folgenden Plugins: Credentials Plugin, CVS Plugin, Extended Choice Parameter Plugin, Gerrit Trigger Plugin, Git Parameter Plugin, Google Compute Engine Plugin, Jira Plugin, Job Generator Plugin, Mask Passwords Plugin, Node and Label parameter Plugin, Pipeline: Shared Groovy Libraries Plugin, Promoted Builds Plugin, Publish Over FTP Plugin, Subversion Plugin. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Dateien zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"67646",
"T015880"
]
},
"release_date": "2022-04-12T22:00:00Z",
"title": "CVE-2017-2601"
},
{
"cve": "CVE-2022-29036",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Jenkins. Die Fehler befinden sich in den folgenden Plugins: Credentials Plugin, CVS Plugin, Extended Choice Parameter Plugin, Gerrit Trigger Plugin, Git Parameter Plugin, Google Compute Engine Plugin, Jira Plugin, Job Generator Plugin, Mask Passwords Plugin, Node and Label parameter Plugin, Pipeline: Shared Groovy Libraries Plugin, Promoted Builds Plugin, Publish Over FTP Plugin, Subversion Plugin. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Dateien zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"67646",
"T015880"
]
},
"release_date": "2022-04-12T22:00:00Z",
"title": "CVE-2022-29036"
},
{
"cve": "CVE-2022-29037",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Jenkins. Die Fehler befinden sich in den folgenden Plugins: Credentials Plugin, CVS Plugin, Extended Choice Parameter Plugin, Gerrit Trigger Plugin, Git Parameter Plugin, Google Compute Engine Plugin, Jira Plugin, Job Generator Plugin, Mask Passwords Plugin, Node and Label parameter Plugin, Pipeline: Shared Groovy Libraries Plugin, Promoted Builds Plugin, Publish Over FTP Plugin, Subversion Plugin. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Dateien zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"67646",
"T015880"
]
},
"release_date": "2022-04-12T22:00:00Z",
"title": "CVE-2022-29037"
},
{
"cve": "CVE-2022-29038",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Jenkins. Die Fehler befinden sich in den folgenden Plugins: Credentials Plugin, CVS Plugin, Extended Choice Parameter Plugin, Gerrit Trigger Plugin, Git Parameter Plugin, Google Compute Engine Plugin, Jira Plugin, Job Generator Plugin, Mask Passwords Plugin, Node and Label parameter Plugin, Pipeline: Shared Groovy Libraries Plugin, Promoted Builds Plugin, Publish Over FTP Plugin, Subversion Plugin. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Dateien zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"67646",
"T015880"
]
},
"release_date": "2022-04-12T22:00:00Z",
"title": "CVE-2022-29038"
},
{
"cve": "CVE-2022-29039",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Jenkins. Die Fehler befinden sich in den folgenden Plugins: Credentials Plugin, CVS Plugin, Extended Choice Parameter Plugin, Gerrit Trigger Plugin, Git Parameter Plugin, Google Compute Engine Plugin, Jira Plugin, Job Generator Plugin, Mask Passwords Plugin, Node and Label parameter Plugin, Pipeline: Shared Groovy Libraries Plugin, Promoted Builds Plugin, Publish Over FTP Plugin, Subversion Plugin. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Dateien zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"67646",
"T015880"
]
},
"release_date": "2022-04-12T22:00:00Z",
"title": "CVE-2022-29039"
},
{
"cve": "CVE-2022-29040",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Jenkins. Die Fehler befinden sich in den folgenden Plugins: Credentials Plugin, CVS Plugin, Extended Choice Parameter Plugin, Gerrit Trigger Plugin, Git Parameter Plugin, Google Compute Engine Plugin, Jira Plugin, Job Generator Plugin, Mask Passwords Plugin, Node and Label parameter Plugin, Pipeline: Shared Groovy Libraries Plugin, Promoted Builds Plugin, Publish Over FTP Plugin, Subversion Plugin. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Dateien zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"67646",
"T015880"
]
},
"release_date": "2022-04-12T22:00:00Z",
"title": "CVE-2022-29040"
},
{
"cve": "CVE-2022-29041",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Jenkins. Die Fehler befinden sich in den folgenden Plugins: Credentials Plugin, CVS Plugin, Extended Choice Parameter Plugin, Gerrit Trigger Plugin, Git Parameter Plugin, Google Compute Engine Plugin, Jira Plugin, Job Generator Plugin, Mask Passwords Plugin, Node and Label parameter Plugin, Pipeline: Shared Groovy Libraries Plugin, Promoted Builds Plugin, Publish Over FTP Plugin, Subversion Plugin. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Dateien zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"67646",
"T015880"
]
},
"release_date": "2022-04-12T22:00:00Z",
"title": "CVE-2022-29041"
},
{
"cve": "CVE-2022-29042",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Jenkins. Die Fehler befinden sich in den folgenden Plugins: Credentials Plugin, CVS Plugin, Extended Choice Parameter Plugin, Gerrit Trigger Plugin, Git Parameter Plugin, Google Compute Engine Plugin, Jira Plugin, Job Generator Plugin, Mask Passwords Plugin, Node and Label parameter Plugin, Pipeline: Shared Groovy Libraries Plugin, Promoted Builds Plugin, Publish Over FTP Plugin, Subversion Plugin. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Dateien zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"67646",
"T015880"
]
},
"release_date": "2022-04-12T22:00:00Z",
"title": "CVE-2022-29042"
},
{
"cve": "CVE-2022-29043",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Jenkins. Die Fehler befinden sich in den folgenden Plugins: Credentials Plugin, CVS Plugin, Extended Choice Parameter Plugin, Gerrit Trigger Plugin, Git Parameter Plugin, Google Compute Engine Plugin, Jira Plugin, Job Generator Plugin, Mask Passwords Plugin, Node and Label parameter Plugin, Pipeline: Shared Groovy Libraries Plugin, Promoted Builds Plugin, Publish Over FTP Plugin, Subversion Plugin. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Dateien zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"67646",
"T015880"
]
},
"release_date": "2022-04-12T22:00:00Z",
"title": "CVE-2022-29043"
},
{
"cve": "CVE-2022-29044",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Jenkins. Die Fehler befinden sich in den folgenden Plugins: Credentials Plugin, CVS Plugin, Extended Choice Parameter Plugin, Gerrit Trigger Plugin, Git Parameter Plugin, Google Compute Engine Plugin, Jira Plugin, Job Generator Plugin, Mask Passwords Plugin, Node and Label parameter Plugin, Pipeline: Shared Groovy Libraries Plugin, Promoted Builds Plugin, Publish Over FTP Plugin, Subversion Plugin. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Dateien zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"67646",
"T015880"
]
},
"release_date": "2022-04-12T22:00:00Z",
"title": "CVE-2022-29044"
},
{
"cve": "CVE-2022-29045",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Jenkins. Die Fehler befinden sich in den folgenden Plugins: Credentials Plugin, CVS Plugin, Extended Choice Parameter Plugin, Gerrit Trigger Plugin, Git Parameter Plugin, Google Compute Engine Plugin, Jira Plugin, Job Generator Plugin, Mask Passwords Plugin, Node and Label parameter Plugin, Pipeline: Shared Groovy Libraries Plugin, Promoted Builds Plugin, Publish Over FTP Plugin, Subversion Plugin. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Dateien zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"67646",
"T015880"
]
},
"release_date": "2022-04-12T22:00:00Z",
"title": "CVE-2022-29045"
},
{
"cve": "CVE-2022-29046",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Jenkins. Die Fehler befinden sich in den folgenden Plugins: Credentials Plugin, CVS Plugin, Extended Choice Parameter Plugin, Gerrit Trigger Plugin, Git Parameter Plugin, Google Compute Engine Plugin, Jira Plugin, Job Generator Plugin, Mask Passwords Plugin, Node and Label parameter Plugin, Pipeline: Shared Groovy Libraries Plugin, Promoted Builds Plugin, Publish Over FTP Plugin, Subversion Plugin. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Dateien zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"67646",
"T015880"
]
},
"release_date": "2022-04-12T22:00:00Z",
"title": "CVE-2022-29046"
},
{
"cve": "CVE-2022-29047",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Jenkins. Die Fehler befinden sich in den folgenden Plugins: Credentials Plugin, CVS Plugin, Extended Choice Parameter Plugin, Gerrit Trigger Plugin, Git Parameter Plugin, Google Compute Engine Plugin, Jira Plugin, Job Generator Plugin, Mask Passwords Plugin, Node and Label parameter Plugin, Pipeline: Shared Groovy Libraries Plugin, Promoted Builds Plugin, Publish Over FTP Plugin, Subversion Plugin. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Dateien zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"67646",
"T015880"
]
},
"release_date": "2022-04-12T22:00:00Z",
"title": "CVE-2022-29047"
},
{
"cve": "CVE-2022-29048",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Jenkins. Die Fehler befinden sich in den folgenden Plugins: Credentials Plugin, CVS Plugin, Extended Choice Parameter Plugin, Gerrit Trigger Plugin, Git Parameter Plugin, Google Compute Engine Plugin, Jira Plugin, Job Generator Plugin, Mask Passwords Plugin, Node and Label parameter Plugin, Pipeline: Shared Groovy Libraries Plugin, Promoted Builds Plugin, Publish Over FTP Plugin, Subversion Plugin. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Dateien zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"67646",
"T015880"
]
},
"release_date": "2022-04-12T22:00:00Z",
"title": "CVE-2022-29048"
},
{
"cve": "CVE-2022-29049",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Jenkins. Die Fehler befinden sich in den folgenden Plugins: Credentials Plugin, CVS Plugin, Extended Choice Parameter Plugin, Gerrit Trigger Plugin, Git Parameter Plugin, Google Compute Engine Plugin, Jira Plugin, Job Generator Plugin, Mask Passwords Plugin, Node and Label parameter Plugin, Pipeline: Shared Groovy Libraries Plugin, Promoted Builds Plugin, Publish Over FTP Plugin, Subversion Plugin. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Dateien zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"67646",
"T015880"
]
},
"release_date": "2022-04-12T22:00:00Z",
"title": "CVE-2022-29049"
},
{
"cve": "CVE-2022-29050",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Jenkins. Die Fehler befinden sich in den folgenden Plugins: Credentials Plugin, CVS Plugin, Extended Choice Parameter Plugin, Gerrit Trigger Plugin, Git Parameter Plugin, Google Compute Engine Plugin, Jira Plugin, Job Generator Plugin, Mask Passwords Plugin, Node and Label parameter Plugin, Pipeline: Shared Groovy Libraries Plugin, Promoted Builds Plugin, Publish Over FTP Plugin, Subversion Plugin. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Dateien zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"67646",
"T015880"
]
},
"release_date": "2022-04-12T22:00:00Z",
"title": "CVE-2022-29050"
},
{
"cve": "CVE-2022-29051",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Jenkins. Die Fehler befinden sich in den folgenden Plugins: Credentials Plugin, CVS Plugin, Extended Choice Parameter Plugin, Gerrit Trigger Plugin, Git Parameter Plugin, Google Compute Engine Plugin, Jira Plugin, Job Generator Plugin, Mask Passwords Plugin, Node and Label parameter Plugin, Pipeline: Shared Groovy Libraries Plugin, Promoted Builds Plugin, Publish Over FTP Plugin, Subversion Plugin. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Dateien zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"67646",
"T015880"
]
},
"release_date": "2022-04-12T22:00:00Z",
"title": "CVE-2022-29051"
},
{
"cve": "CVE-2022-29052",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Jenkins. Die Fehler befinden sich in den folgenden Plugins: Credentials Plugin, CVS Plugin, Extended Choice Parameter Plugin, Gerrit Trigger Plugin, Git Parameter Plugin, Google Compute Engine Plugin, Jira Plugin, Job Generator Plugin, Mask Passwords Plugin, Node and Label parameter Plugin, Pipeline: Shared Groovy Libraries Plugin, Promoted Builds Plugin, Publish Over FTP Plugin, Subversion Plugin. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Dateien zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"67646",
"T015880"
]
},
"release_date": "2022-04-12T22:00:00Z",
"title": "CVE-2022-29052"
}
]
}
wid-sec-w-2022-0778
Vulnerability from csaf_certbund
Published
2022-07-20 22:00
Modified
2023-06-21 22:00
Summary
Apple macOS: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.
Angriff
Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, beliebigen Code auszuführen, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuführen.
Betroffene Betriebssysteme
- MacOS X
{
"document": {
"aggregate_severity": {
"text": "kritisch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- MacOS X",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0778 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0778.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0778 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0778"
},
{
"category": "external",
"summary": "Apple Security Advisroy vom 2022-07-20",
"url": "https://support.apple.com/en-us/HT213343"
},
{
"category": "external",
"summary": "Apple Security Advisroy vom 2022-07-20",
"url": "https://support.apple.com/en-us/HT213344"
},
{
"category": "external",
"summary": "Apple Security Advisroy vom 2022-07-20",
"url": "https://support.apple.com/en-us/HT213345"
}
],
"source_lang": "en-US",
"title": "Apple macOS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-06-21T22:00:00.000+00:00",
"generator": {
"date": "2024-02-15T16:53:42.750+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2022-0778",
"initial_release_date": "2022-07-20T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-07-20T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-07-21T22:00:00.000+00:00",
"number": "2",
"summary": "Referenz erg\u00e4nzt"
},
{
"date": "2022-09-20T22:00:00.000+00:00",
"number": "3",
"summary": "CVE Nummern CVE-2022-32861, CVE-2022-32863, CVE-2022-32880 erg\u00e4nzt"
},
{
"date": "2022-10-06T22:00:00.000+00:00",
"number": "4",
"summary": "CVE erg\u00e4nzt"
},
{
"date": "2023-06-21T22:00:00.000+00:00",
"number": "5",
"summary": "CVE-2022-32885, CVE-2022-32948, CVE-2022-42805, CVE-2022-48503, CVE-2022-32860 erg\u00e4nzt"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Apple macOS Catalina \u003c 2022-005",
"product": {
"name": "Apple macOS Catalina \u003c 2022-005",
"product_id": "T023996",
"product_identification_helper": {
"cpe": "cpe:/o:apple:mac_os:catalina__2022-005"
}
}
},
{
"category": "product_name",
"name": "Apple macOS Big Sur \u003c 11.6.8",
"product": {
"name": "Apple macOS Big Sur \u003c 11.6.8",
"product_id": "T023997",
"product_identification_helper": {
"cpe": "cpe:/o:apple:mac_os:big_sur__11.6.8"
}
}
},
{
"category": "product_name",
"name": "Apple macOS Monterey \u003c 12.5",
"product": {
"name": "Apple macOS Monterey \u003c 12.5",
"product_id": "T023998",
"product_identification_helper": {
"cpe": "cpe:/o:apple:mac_os:monterey__12.5"
}
}
}
],
"category": "product_name",
"name": "macOS"
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-48503",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-48503"
},
{
"cve": "CVE-2022-42805",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-42805"
},
{
"cve": "CVE-2022-32948",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32948"
},
{
"cve": "CVE-2022-32910",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32910"
},
{
"cve": "CVE-2022-32885",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32885"
},
{
"cve": "CVE-2022-32880",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32880"
},
{
"cve": "CVE-2022-32863",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32863"
},
{
"cve": "CVE-2022-32861",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32861"
},
{
"cve": "CVE-2022-32860",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32860"
},
{
"cve": "CVE-2022-32857",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32857"
},
{
"cve": "CVE-2022-32853",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32853"
},
{
"cve": "CVE-2022-32852",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32852"
},
{
"cve": "CVE-2022-32851",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32851"
},
{
"cve": "CVE-2022-32849",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32849"
},
{
"cve": "CVE-2022-32848",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32848"
},
{
"cve": "CVE-2022-32847",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32847"
},
{
"cve": "CVE-2022-32845",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32845"
},
{
"cve": "CVE-2022-32843",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32843"
},
{
"cve": "CVE-2022-32842",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32842"
},
{
"cve": "CVE-2022-32841",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32841"
},
{
"cve": "CVE-2022-32840",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32840"
},
{
"cve": "CVE-2022-32839",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32839"
},
{
"cve": "CVE-2022-32838",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32838"
},
{
"cve": "CVE-2022-32837",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32837"
},
{
"cve": "CVE-2022-32834",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32834"
},
{
"cve": "CVE-2022-32832",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32832"
},
{
"cve": "CVE-2022-32831",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32831"
},
{
"cve": "CVE-2022-32829",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32829"
},
{
"cve": "CVE-2022-32828",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32828"
},
{
"cve": "CVE-2022-32826",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32826"
},
{
"cve": "CVE-2022-32825",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32825"
},
{
"cve": "CVE-2022-32823",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32823"
},
{
"cve": "CVE-2022-32821",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32821"
},
{
"cve": "CVE-2022-32820",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32820"
},
{
"cve": "CVE-2022-32819",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32819"
},
{
"cve": "CVE-2022-32818",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32818"
},
{
"cve": "CVE-2022-32817",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32817"
},
{
"cve": "CVE-2022-32816",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32816"
},
{
"cve": "CVE-2022-32815",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32815"
},
{
"cve": "CVE-2022-32814",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32814"
},
{
"cve": "CVE-2022-32813",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32813"
},
{
"cve": "CVE-2022-32812",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32812"
},
{
"cve": "CVE-2022-32811",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32811"
},
{
"cve": "CVE-2022-32810",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32810"
},
{
"cve": "CVE-2022-32807",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32807"
},
{
"cve": "CVE-2022-32805",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32805"
},
{
"cve": "CVE-2022-32801",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32801"
},
{
"cve": "CVE-2022-32800",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32800"
},
{
"cve": "CVE-2022-32799",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32799"
},
{
"cve": "CVE-2022-32798",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32798"
},
{
"cve": "CVE-2022-32797",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32797"
},
{
"cve": "CVE-2022-32796",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32796"
},
{
"cve": "CVE-2022-32793",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32793"
},
{
"cve": "CVE-2022-32792",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32792"
},
{
"cve": "CVE-2022-32789",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32789"
},
{
"cve": "CVE-2022-32787",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32787"
},
{
"cve": "CVE-2022-32786",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32786"
},
{
"cve": "CVE-2022-32785",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32785"
},
{
"cve": "CVE-2022-32781",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-32781"
},
{
"cve": "CVE-2022-29048",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-29048"
},
{
"cve": "CVE-2022-29046",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-29046"
},
{
"cve": "CVE-2022-26981",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-26981"
},
{
"cve": "CVE-2022-26704",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-26704"
},
{
"cve": "CVE-2022-24070",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-24070"
},
{
"cve": "CVE-2022-2294",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-2294"
},
{
"cve": "CVE-2022-0158",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-0158"
},
{
"cve": "CVE-2022-0156",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-0156"
},
{
"cve": "CVE-2022-0128",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2022-0128"
},
{
"cve": "CVE-2021-46059",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2021-46059"
},
{
"cve": "CVE-2021-4193",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2021-4193"
},
{
"cve": "CVE-2021-4192",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2021-4192"
},
{
"cve": "CVE-2021-4187",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2021-4187"
},
{
"cve": "CVE-2021-4173",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2021-4173"
},
{
"cve": "CVE-2021-4166",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2021-4166"
},
{
"cve": "CVE-2021-4136",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2021-4136"
},
{
"cve": "CVE-2021-28544",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten APFS, AppleMobileFileIntegrity, Apple Neural Engine, AppleScript, Audio, Automation, Calendar, CoreMedia, CoreText, FaceTime, File System Events, GPU Drivers, iCloud Photo Library, ICU, ImageIO, Intel Graphics Driver, Kernel, Liblouis, libxml2, Multi-Touch, PackageKit, PluginKit, PS Normalizer, SMB, Software Update, Spindump, Spotlight, subversion, TCC, Vim, Wi-Fi und Windows Server. Ein Angreifer aus dem benachbarten Netzwerk oder ein entfernter, anonymer, authentifizierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, Informationen falsch darzustellen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2022-07-20T22:00:00Z",
"title": "CVE-2021-28544"
}
]
}
ghsa-wpr6-qvcq-8269
Vulnerability from github
Published
2022-04-13 00:00
Modified
2023-10-27 17:11
Severity ?
Summary
Stored Cross-site Scripting vulnerability in Jenkins Subversion Plugin
Details
Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Exploitation of this vulnerability requires that parameters are listed on another page, like the \"Build With Parameters\" and \"Parameters\" pages provided by Jenkins (core), and that those pages are not hardened to prevent exploitation. Jenkins (core) has prevented exploitation of vulnerabilities of this kind on the \"Build With Parameters\" and \"Parameters\" pages since 2.44 and LTS 2.32.2 as part of the SECURITY-353 / CVE-2017-2601 fix.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:subversion"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.15.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-29046"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-01T23:57:35Z",
"nvd_published_at": "2022-04-12T20:15:00Z",
"severity": "MODERATE"
},
"details": "Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.\n\nExploitation of this vulnerability requires that parameters are listed on another page, like the \\\"Build With Parameters\\\" and \\\"Parameters\\\" pages provided by Jenkins (core), and that those pages are not hardened to prevent exploitation. Jenkins (core) has prevented exploitation of vulnerabilities of this kind on the \\\"Build With Parameters\\\" and \\\"Parameters\\\" pages since 2.44 and LTS 2.32.2 as part of the [SECURITY-353 / CVE-2017-2601](https://www.jenkins.io/security/advisory/2017-02-01/#persisted-cross-site-scripting-vulnerability-in-parameter-names-and-descriptions) fix.",
"id": "GHSA-wpr6-qvcq-8269",
"modified": "2023-10-27T17:11:30Z",
"published": "2022-04-13T00:00:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29046"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/subversion-plugin"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213345"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Jul/18"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Stored Cross-site Scripting vulnerability in Jenkins Subversion Plugin"
}
gsd-2022-29046
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-29046",
"description": "Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.",
"id": "GSD-2022-29046",
"references": [
"https://access.redhat.com/errata/RHSA-2022:2205",
"https://access.redhat.com/errata/RHSA-2022:2280",
"https://access.redhat.com/errata/RHSA-2022:4909",
"https://access.redhat.com/errata/RHSA-2022:4947",
"https://access.redhat.com/errata/RHSA-2022:0871",
"https://access.redhat.com/errata/RHSA-2022:1600"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-29046"
],
"details": "Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.",
"id": "GSD-2022-29046",
"modified": "2023-12-13T01:19:41.595373Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2022-29046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Subversion Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "unspecified",
"version_value": "2.15.3"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617",
"refsource": "MISC",
"url": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617"
},
{
"name": "https://support.apple.com/kb/HT213345",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT213345"
},
{
"name": "http://seclists.org/fulldisclosure/2022/Jul/18",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2022/Jul/18"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,2.15.3]",
"affected_versions": "All versions up to 2.15.3",
"cvss_v2": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2022-10-27",
"description": "Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.",
"fixed_versions": [],
"identifier": "CVE-2022-29046",
"identifiers": [
"CVE-2022-29046"
],
"not_impacted": "",
"package_slug": "maven/org.jenkins-ci.plugins/subversion",
"pubdate": "2022-04-12",
"solution": "Unfortunately, there is no solution available yet.",
"title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-29046",
"https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617"
],
"uuid": "057ec762-6a9a-44f6-8f00-516f574f4d1c"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:jenkins:subversion:*:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"versionEndIncluding": "2.15.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.5",
"versionStartIncluding": "12.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2022-29046"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617"
},
{
"name": "https://support.apple.com/kb/HT213345",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213345"
},
{
"name": "20220721 APPLE-SA-2022-07-20-2 macOS Monterey 12.5",
"refsource": "FULLDISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/18"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
},
"lastModifiedDate": "2023-11-02T22:00Z",
"publishedDate": "2022-04-12T20:15Z"
}
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.