Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-2995 (GCVE-0-2022-2995)
Vulnerability from cvelistv5 – Published: 2022-09-19 19:53 – Updated: 2025-05-29 15:57
VLAI
EPSS
Summary
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
Severity
7.1 (High)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.benthamsgaze.org/2022/08/22/vulnerabi… | x_refsource_MISC |
| https://github.com/cri-o/cri-o/pull/6159 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cri-o/cri-o/pull/6159"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-2995",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-29T15:57:43.156670Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T15:57:51.706Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cri-o",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "cri-o 1.25.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-19T19:53:23.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cri-o/cri-o/pull/6159"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-2995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "cri-o",
"version": {
"version_data": [
{
"version_value": "cri-o 1.25.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/",
"refsource": "MISC",
"url": "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/"
},
{
"name": "https://github.com/cri-o/cri-o/pull/6159",
"refsource": "MISC",
"url": "https://github.com/cri-o/cri-o/pull/6159"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-2995",
"datePublished": "2022-09-19T19:53:23.000Z",
"dateReserved": "2022-08-25T00:00:00.000Z",
"dateUpdated": "2025-05-29T15:57:51.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-2995",
"date": "2026-05-28",
"epss": "0.00044",
"percentile": "0.13872"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:kubernetes:cri-o:1.25.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"18FC8950-AD8C-42A4-8327-E8BFF34F6740\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.\"}, {\"lang\": \"es\", \"value\": \"Un manejo incorrecto de los grupos suplementarios en el motor de contenedores CRI-O podr\\u00eda conllevar a una divulgaci\\u00f3n de informaci\\u00f3n confidencial o la posible modificaci\\u00f3n de datos si un atacante presenta acceso directo al contenedor afectado donde son usados los grupos suplementarios para establecer los permisos de acceso y es capaz de ejecutar un c\\u00f3digo binario en ese contenedor\"}]",
"id": "CVE-2022-2995",
"lastModified": "2024-11-21T07:02:03.227",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.2}]}",
"published": "2022-09-19T20:15:12.493",
"references": "[{\"url\": \"https://github.com/cri-o/cri-o/pull/6159\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/cri-o/cri-o/pull/6159\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-732\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-2995\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2022-09-19T20:15:12.493\",\"lastModified\":\"2025-05-29T16:15:28.027\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.\"},{\"lang\":\"es\",\"value\":\"Un manejo incorrecto de los grupos suplementarios en el motor de contenedores CRI-O podr\u00eda conllevar a una divulgaci\u00f3n de informaci\u00f3n confidencial o la posible modificaci\u00f3n de datos si un atacante presenta acceso directo al contenedor afectado donde son usados los grupos suplementarios para establecer los permisos de acceso y es capaz de ejecutar un c\u00f3digo binario en ese contenedor\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kubernetes:cri-o:1.25.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18FC8950-AD8C-42A4-8327-E8BFF34F6740\"}]}]}],\"references\":[{\"url\":\"https://github.com/cri-o/cri-o/pull/6159\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/cri-o/cri-o/pull/6159\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/cri-o/cri-o/pull/6159\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T00:53:00.585Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-2995\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-29T15:57:43.156670Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-29T15:57:01.323Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"cri-o\", \"versions\": [{\"status\": \"affected\", \"version\": \"cri-o 1.25.0\"}]}], \"references\": [{\"url\": \"https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/cri-o/cri-o/pull/6159\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2022-09-19T19:53:23.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"cri-o 1.25.0\"}]}, \"product_name\": \"cri-o\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/\", \"name\": \"https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/\", \"refsource\": \"MISC\"}, {\"url\": \"https://github.com/cri-o/cri-o/pull/6159\", \"name\": \"https://github.com/cri-o/cri-o/pull/6159\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-284\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-2995\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secalert@redhat.com\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-2995\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-29T15:57:51.706Z\", \"dateReserved\": \"2022-08-25T00:00:00.000Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2022-09-19T19:53:23.000Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2023_3541
Vulnerability from csaf_redhat - Published: 2023-06-14 14:39 - Updated: 2024-11-22 20:52Summary
Red Hat Security Advisory: OpenShift Container Platform 4.11.43 packages and security update
Severity
Low
Notes
Topic: Red Hat OpenShift Container Platform release 4.11.43 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.11.
Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.43. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHSA-2023:3542
Security Fix(es):
* cri-o: incorrect handling of the supplementary groups (CVE-2022-2995)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
CWE-284 - Improper Access ControlAffected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64 | — |
Vendor Fix
fix
|
Known not affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.11:openshift-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:openstack-ironic-1:20.2.1-0.20230605115028.483a7f9.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:openstack-ironic-1:20.2.1-0.20230605115028.483a7f9.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:openstack-ironic-api-1:20.2.1-0.20230605115028.483a7f9.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:openstack-ironic-common-1:20.2.1-0.20230605115028.483a7f9.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:openstack-ironic-conductor-1:20.2.1-0.20230605115028.483a7f9.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:openstack-ironic-dnsmasq-tftp-server-1:20.2.1-0.20230605115028.483a7f9.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:python-flask-1:1.1.2-6.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:python-flask-doc-1:1.1.2-6.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:python3-flask-1:1.1.2-6.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:python3-ironic-tests-1:20.2.1-0.20230605115028.483a7f9.el8.noarch | — |
Threats
Impact
Low
A flaw was found in the Python Flask package. A cached response may contain data for one client sent by a proxy to other clients, including session cookies, resulting in the compromise of data confidentiality contained in the leak requests or cookies. This happens when the following conditions are met by the proxy's behavior regarding cookies and the application's behavior session usage: 1. The caching proxy does not strip or ignore response with cookies 2. The application sets a permanent session 3. The application does not access or modify the session during requests 4. SESSION_REFRESH_EACH_REQUEST is enabled, which is the default Flask behavior 5. The application does not set the Cache-Control header to avoid being cached
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:python-flask-1:1.1.2-6.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:python-flask-doc-1:1.1.2-6.el8.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:python3-flask-1:1.1.2-6.el8.noarch | — |
Vendor Fix
fix
|
Known not affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.aarch64 | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.ppc64le | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.s390x | — | ||
| Unresolved product id: 8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.x86_64 | — | ||
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:openstack-ironic-1:20.2.1-0.20230605115028.483a7f9.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:openstack-ironic-1:20.2.1-0.20230605115028.483a7f9.el8.src | — | ||
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:openstack-ironic-api-1:20.2.1-0.20230605115028.483a7f9.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:openstack-ironic-common-1:20.2.1-0.20230605115028.483a7f9.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:openstack-ironic-conductor-1:20.2.1-0.20230605115028.483a7f9.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:openstack-ironic-dnsmasq-tftp-server-1:20.2.1-0.20230605115028.483a7f9.el8.noarch | — | ||
| Unresolved product id: 8Base-RHOSE-IRONIC-4.11:python3-ironic-tests-1:20.2.1-0.20230605115028.483a7f9.el8.noarch | — |
Threats
Impact
Important
References
16 references
Acknowledgments
Steven Murdoch
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.11.43 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.11.\n\nRed Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.43. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHSA-2023:3542\n\nSecurity Fix(es):\n\n* cri-o: incorrect handling of the supplementary groups (CVE-2022-2995)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:3541",
"url": "https://access.redhat.com/errata/RHSA-2023:3541"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html",
"url": "https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html"
},
{
"category": "external",
"summary": "2121632",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2121632"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3541.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.11.43 packages and security update",
"tracking": {
"current_release_date": "2024-11-22T20:52:42+00:00",
"generator": {
"date": "2024-11-22T20:52:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2023:3541",
"initial_release_date": "2023-06-14T14:39:36+00:00",
"revision_history": [
{
"date": "2023-06-14T14:39:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-06-14T14:39:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T20:52:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Ironic content for Red Hat OpenShift Container Platform 4.11",
"product": {
"name": "Ironic content for Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-IRONIC-4.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_ironic:4.11::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.11",
"product": {
"name": "Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.11::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "openstack-ironic-1:20.2.1-0.20230605115028.483a7f9.el8.src",
"product": {
"name": "openstack-ironic-1:20.2.1-0.20230605115028.483a7f9.el8.src",
"product_id": "openstack-ironic-1:20.2.1-0.20230605115028.483a7f9.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-ironic@20.2.1-0.20230605115028.483a7f9.el8?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python-flask-1:1.1.2-6.el8.src",
"product": {
"name": "python-flask-1:1.1.2-6.el8.src",
"product_id": "python-flask-1:1.1.2-6.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-flask@1.1.2-6.el8?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.src",
"product": {
"name": "cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.src",
"product_id": "cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.24.5-5.rhaos4.11.git8bf967b.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.src",
"product": {
"name": "openshift-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.src",
"product_id": "openshift-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift@4.11.0-202305261554.p0.g38b1413.assembly.stream.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openstack-ironic-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"product": {
"name": "openstack-ironic-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"product_id": "openstack-ironic-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-ironic@20.2.1-0.20230605115028.483a7f9.el8?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openstack-ironic-api-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"product": {
"name": "openstack-ironic-api-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"product_id": "openstack-ironic-api-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-ironic-api@20.2.1-0.20230605115028.483a7f9.el8?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openstack-ironic-common-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"product": {
"name": "openstack-ironic-common-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"product_id": "openstack-ironic-common-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-ironic-common@20.2.1-0.20230605115028.483a7f9.el8?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openstack-ironic-conductor-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"product": {
"name": "openstack-ironic-conductor-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"product_id": "openstack-ironic-conductor-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-ironic-conductor@20.2.1-0.20230605115028.483a7f9.el8?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "openstack-ironic-dnsmasq-tftp-server-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"product": {
"name": "openstack-ironic-dnsmasq-tftp-server-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"product_id": "openstack-ironic-dnsmasq-tftp-server-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openstack-ironic-dnsmasq-tftp-server@20.2.1-0.20230605115028.483a7f9.el8?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python3-ironic-tests-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"product": {
"name": "python3-ironic-tests-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"product_id": "python3-ironic-tests-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-ironic-tests@20.2.1-0.20230605115028.483a7f9.el8?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python-flask-doc-1:1.1.2-6.el8.noarch",
"product": {
"name": "python-flask-doc-1:1.1.2-6.el8.noarch",
"product_id": "python-flask-doc-1:1.1.2-6.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-flask-doc@1.1.2-6.el8?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python3-flask-1:1.1.2-6.el8.noarch",
"product": {
"name": "python3-flask-1:1.1.2-6.el8.noarch",
"product_id": "python3-flask-1:1.1.2-6.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-flask@1.1.2-6.el8?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64",
"product": {
"name": "cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64",
"product_id": "cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.24.5-5.rhaos4.11.git8bf967b.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64",
"product": {
"name": "cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64",
"product_id": "cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.24.5-5.rhaos4.11.git8bf967b.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64",
"product": {
"name": "cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64",
"product_id": "cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.24.5-5.rhaos4.11.git8bf967b.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.x86_64",
"product": {
"name": "openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.x86_64",
"product_id": "openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.11.0-202305261554.p0.g38b1413.assembly.stream.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64",
"product": {
"name": "cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64",
"product_id": "cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.24.5-5.rhaos4.11.git8bf967b.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64",
"product": {
"name": "cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64",
"product_id": "cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.24.5-5.rhaos4.11.git8bf967b.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64",
"product": {
"name": "cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64",
"product_id": "cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.24.5-5.rhaos4.11.git8bf967b.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.aarch64",
"product": {
"name": "openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.aarch64",
"product_id": "openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.11.0-202305261554.p0.g38b1413.assembly.stream.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le",
"product": {
"name": "cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le",
"product_id": "cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.24.5-5.rhaos4.11.git8bf967b.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le",
"product": {
"name": "cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le",
"product_id": "cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.24.5-5.rhaos4.11.git8bf967b.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le",
"product": {
"name": "cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le",
"product_id": "cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.24.5-5.rhaos4.11.git8bf967b.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.ppc64le",
"product": {
"name": "openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.ppc64le",
"product_id": "openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.11.0-202305261554.p0.g38b1413.assembly.stream.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x",
"product": {
"name": "cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x",
"product_id": "cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o@1.24.5-5.rhaos4.11.git8bf967b.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x",
"product": {
"name": "cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x",
"product_id": "cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debugsource@1.24.5-5.rhaos4.11.git8bf967b.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x",
"product": {
"name": "cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x",
"product_id": "cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cri-o-debuginfo@1.24.5-5.rhaos4.11.git8bf967b.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.s390x",
"product": {
"name": "openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.s390x",
"product_id": "openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-hyperkube@4.11.0-202305261554.p0.g38b1413.assembly.stream.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64"
},
"product_reference": "cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le"
},
"product_reference": "cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x"
},
"product_reference": "cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.src as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.src"
},
"product_reference": "cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64"
},
"product_reference": "cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64"
},
"product_reference": "cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le"
},
"product_reference": "cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x"
},
"product_reference": "cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64"
},
"product_reference": "cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64"
},
"product_reference": "cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le"
},
"product_reference": "cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x"
},
"product_reference": "cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64"
},
"product_reference": "cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:openshift-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.src"
},
"product_reference": "openshift-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.src",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.aarch64"
},
"product_reference": "openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.aarch64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.ppc64le"
},
"product_reference": "openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.s390x"
},
"product_reference": "openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.s390x",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.x86_64"
},
"product_reference": "openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.x86_64",
"relates_to_product_reference": "8Base-RHOSE-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ironic-1:20.2.1-0.20230605115028.483a7f9.el8.noarch as a component of Ironic content for Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-IRONIC-4.11:openstack-ironic-1:20.2.1-0.20230605115028.483a7f9.el8.noarch"
},
"product_reference": "openstack-ironic-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-IRONIC-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ironic-1:20.2.1-0.20230605115028.483a7f9.el8.src as a component of Ironic content for Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-IRONIC-4.11:openstack-ironic-1:20.2.1-0.20230605115028.483a7f9.el8.src"
},
"product_reference": "openstack-ironic-1:20.2.1-0.20230605115028.483a7f9.el8.src",
"relates_to_product_reference": "8Base-RHOSE-IRONIC-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ironic-api-1:20.2.1-0.20230605115028.483a7f9.el8.noarch as a component of Ironic content for Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-IRONIC-4.11:openstack-ironic-api-1:20.2.1-0.20230605115028.483a7f9.el8.noarch"
},
"product_reference": "openstack-ironic-api-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-IRONIC-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ironic-common-1:20.2.1-0.20230605115028.483a7f9.el8.noarch as a component of Ironic content for Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-IRONIC-4.11:openstack-ironic-common-1:20.2.1-0.20230605115028.483a7f9.el8.noarch"
},
"product_reference": "openstack-ironic-common-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-IRONIC-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ironic-conductor-1:20.2.1-0.20230605115028.483a7f9.el8.noarch as a component of Ironic content for Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-IRONIC-4.11:openstack-ironic-conductor-1:20.2.1-0.20230605115028.483a7f9.el8.noarch"
},
"product_reference": "openstack-ironic-conductor-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-IRONIC-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-ironic-dnsmasq-tftp-server-1:20.2.1-0.20230605115028.483a7f9.el8.noarch as a component of Ironic content for Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-IRONIC-4.11:openstack-ironic-dnsmasq-tftp-server-1:20.2.1-0.20230605115028.483a7f9.el8.noarch"
},
"product_reference": "openstack-ironic-dnsmasq-tftp-server-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-IRONIC-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-flask-1:1.1.2-6.el8.src as a component of Ironic content for Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-IRONIC-4.11:python-flask-1:1.1.2-6.el8.src"
},
"product_reference": "python-flask-1:1.1.2-6.el8.src",
"relates_to_product_reference": "8Base-RHOSE-IRONIC-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-flask-doc-1:1.1.2-6.el8.noarch as a component of Ironic content for Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-IRONIC-4.11:python-flask-doc-1:1.1.2-6.el8.noarch"
},
"product_reference": "python-flask-doc-1:1.1.2-6.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-IRONIC-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-flask-1:1.1.2-6.el8.noarch as a component of Ironic content for Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-IRONIC-4.11:python3-flask-1:1.1.2-6.el8.noarch"
},
"product_reference": "python3-flask-1:1.1.2-6.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-IRONIC-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-ironic-tests-1:20.2.1-0.20230605115028.483a7f9.el8.noarch as a component of Ironic content for Red Hat OpenShift Container Platform 4.11",
"product_id": "8Base-RHOSE-IRONIC-4.11:python3-ironic-tests-1:20.2.1-0.20230605115028.483a7f9.el8.noarch"
},
"product_reference": "python3-ironic-tests-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"relates_to_product_reference": "8Base-RHOSE-IRONIC-4.11"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Steven Murdoch"
]
}
],
"cve": "CVE-2022-2995",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2022-08-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.11:openshift-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.src",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.s390x",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.x86_64",
"8Base-RHOSE-IRONIC-4.11:openstack-ironic-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:openstack-ironic-1:20.2.1-0.20230605115028.483a7f9.el8.src",
"8Base-RHOSE-IRONIC-4.11:openstack-ironic-api-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:openstack-ironic-common-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:openstack-ironic-conductor-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:openstack-ironic-dnsmasq-tftp-server-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:python-flask-1:1.1.2-6.el8.src",
"8Base-RHOSE-IRONIC-4.11:python-flask-doc-1:1.1.2-6.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:python3-flask-1:1.1.2-6.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:python3-ironic-tests-1:20.2.1-0.20230605115028.483a7f9.el8.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2121632"
}
],
"notes": [
{
"category": "description",
"text": "Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cri-o: incorrect handling of the supplementary groups",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.src",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64"
],
"known_not_affected": [
"8Base-RHOSE-4.11:openshift-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.src",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.s390x",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.x86_64",
"8Base-RHOSE-IRONIC-4.11:openstack-ironic-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:openstack-ironic-1:20.2.1-0.20230605115028.483a7f9.el8.src",
"8Base-RHOSE-IRONIC-4.11:openstack-ironic-api-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:openstack-ironic-common-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:openstack-ironic-conductor-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:openstack-ironic-dnsmasq-tftp-server-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:python-flask-1:1.1.2-6.el8.src",
"8Base-RHOSE-IRONIC-4.11:python-flask-doc-1:1.1.2-6.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:python3-flask-1:1.1.2-6.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:python3-ironic-tests-1:20.2.1-0.20230605115028.483a7f9.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2995"
},
{
"category": "external",
"summary": "RHBZ#2121632",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2121632"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2995",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2995"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2995",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2995"
},
{
"category": "external",
"summary": "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/",
"url": "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/"
}
],
"release_date": "2022-08-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-14T14:39:36+00:00",
"details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html",
"product_ids": [
"8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.src",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3541"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.src",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "cri-o: incorrect handling of the supplementary groups"
},
{
"cve": "CVE-2023-30861",
"cwe": {
"id": "CWE-488",
"name": "Exposure of Data Element to Wrong Session"
},
"discovery_date": "2023-05-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.src",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64",
"8Base-RHOSE-4.11:openshift-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.src",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.s390x",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.x86_64",
"8Base-RHOSE-IRONIC-4.11:openstack-ironic-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:openstack-ironic-1:20.2.1-0.20230605115028.483a7f9.el8.src",
"8Base-RHOSE-IRONIC-4.11:openstack-ironic-api-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:openstack-ironic-common-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:openstack-ironic-conductor-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:openstack-ironic-dnsmasq-tftp-server-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:python3-ironic-tests-1:20.2.1-0.20230605115028.483a7f9.el8.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2196643"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Python Flask package. A cached response may contain data for one client sent by a proxy to other clients, including session cookies, resulting in the compromise of data confidentiality contained in the leak requests or cookies. This happens when the following conditions are met by the proxy\u0027s behavior regarding cookies and the application\u0027s behavior session usage:\r\n1. The caching proxy does not strip or ignore response with cookies\r\n2. The application sets a permanent session\r\n3. The application does not access or modify the session during requests\r\n4. SESSION_REFRESH_EACH_REQUEST is enabled, which is the default Flask behavior\r\n5. The application does not set the Cache-Control header to avoid being cached",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-IRONIC-4.11:python-flask-1:1.1.2-6.el8.src",
"8Base-RHOSE-IRONIC-4.11:python-flask-doc-1:1.1.2-6.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:python3-flask-1:1.1.2-6.el8.noarch"
],
"known_not_affected": [
"8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.src",
"8Base-RHOSE-4.11:cri-o-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debuginfo-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.aarch64",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.ppc64le",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.s390x",
"8Base-RHOSE-4.11:cri-o-debugsource-0:1.24.5-5.rhaos4.11.git8bf967b.el8.x86_64",
"8Base-RHOSE-4.11:openshift-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.src",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.aarch64",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.ppc64le",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.s390x",
"8Base-RHOSE-4.11:openshift-hyperkube-0:4.11.0-202305261554.p0.g38b1413.assembly.stream.el8.x86_64",
"8Base-RHOSE-IRONIC-4.11:openstack-ironic-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:openstack-ironic-1:20.2.1-0.20230605115028.483a7f9.el8.src",
"8Base-RHOSE-IRONIC-4.11:openstack-ironic-api-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:openstack-ironic-common-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:openstack-ironic-conductor-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:openstack-ironic-dnsmasq-tftp-server-1:20.2.1-0.20230605115028.483a7f9.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:python3-ironic-tests-1:20.2.1-0.20230605115028.483a7f9.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-30861"
},
{
"category": "external",
"summary": "RHBZ#2196643",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196643"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-30861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30861"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-30861",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30861"
},
{
"category": "external",
"summary": "https://github.com/pallets/flask/commit/70f906c51ce49c485f1d355703e9cc3386b1cc2b",
"url": "https://github.com/pallets/flask/commit/70f906c51ce49c485f1d355703e9cc3386b1cc2b"
},
{
"category": "external",
"summary": "https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq",
"url": "https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq"
}
],
"release_date": "2023-05-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-14T14:39:36+00:00",
"details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html",
"product_ids": [
"8Base-RHOSE-IRONIC-4.11:python-flask-1:1.1.2-6.el8.src",
"8Base-RHOSE-IRONIC-4.11:python-flask-doc-1:1.1.2-6.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:python3-flask-1:1.1.2-6.el8.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3541"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-IRONIC-4.11:python-flask-1:1.1.2-6.el8.src",
"8Base-RHOSE-IRONIC-4.11:python-flask-doc-1:1.1.2-6.el8.noarch",
"8Base-RHOSE-IRONIC-4.11:python3-flask-1:1.1.2-6.el8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header"
}
]
}
WID-SEC-W-2023-0111
Vulnerability from csaf_certbund - Published: 2023-01-17 23:00 - Updated: 2024-06-02 22:00Summary
Red Hat OpenShift: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um einen Denial of Service Angriff durchzuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen und Daten zu manipulieren.
Betroffene Betriebssysteme: - Linux
Es existiert eine Schwachstelle in Red Hat OpenShift. Der Fehler besteht aufgrund eines unbegrenzten Alias-Chasing, bei dem eine in böser Absicht erstellte YAML-Datei dazu führen kann, dass das System erhebliche Systemressourcen in der go-yaml-Komponente verbraucht. Ein entfernterm anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Container Platform <4.11.43
Red Hat / OpenShift
|
Container Platform <4.11.43 | ||
|
Red Hat OpenShift
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.11.44
Red Hat / OpenShift
|
Container Platform <4.11.44 | ||
|
Red Hat OpenShift Container Platform 4.12
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.12
|
Container Platform 4.12 | |
|
Red Hat OpenShift Developer Tools and Services 4.11
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:developer_tools_and_services_4.11
|
Developer Tools and Services 4.11 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4.11
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.11
|
Container Platform 4.11 | |
|
Red Hat OpenShift Virtualization 4.13
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:virtualization_4.13
|
Virtualization 4.13 | |
|
Red Hat OpenShift Container Platform 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4
|
Container Platform 4 | |
|
Red Hat OpenShift Container Platform 4.13
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.13
|
Container Platform 4.13 | |
|
Red Hat OpenShift Container Platform 4.10
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.10
|
Container Platform 4.10 |
Es existiert eine Schwachstelle in Red Hat OpenShift. Der Fehler besteht aufgrund einer inkonsistenten Interpretation von HTTP Requests (HTTP Request/Response Smuggling) in Golang Go. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Daten zu manipulieren.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Container Platform <4.11.43
Red Hat / OpenShift
|
Container Platform <4.11.43 | ||
|
Red Hat OpenShift
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.11.44
Red Hat / OpenShift
|
Container Platform <4.11.44 | ||
|
Red Hat OpenShift Container Platform 4.12
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.12
|
Container Platform 4.12 | |
|
Red Hat OpenShift Developer Tools and Services 4.11
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:developer_tools_and_services_4.11
|
Developer Tools and Services 4.11 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4.11
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.11
|
Container Platform 4.11 | |
|
Red Hat OpenShift Virtualization 4.13
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:virtualization_4.13
|
Virtualization 4.13 | |
|
Red Hat OpenShift Container Platform 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4
|
Container Platform 4 | |
|
Red Hat OpenShift Container Platform 4.13
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.13
|
Container Platform 4.13 | |
|
Red Hat OpenShift Container Platform 4.10
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.10
|
Container Platform 4.10 |
Es existiert eine Schwachstelle in Red Hat OpenShift. Der Fehler besteht aufgrund einer fehlerhaften Behandlung der zusätzlichen Gruppen in der CRI-O Container-Engine. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen preiszugeben oder möglicherweise Daten zu verändern. Außerdem kann die Schwachstelle für Angriffe zur Codeausführung aus der Ferne genutzt werden.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Container Platform <4.11.43
Red Hat / OpenShift
|
Container Platform <4.11.43 | ||
|
Red Hat OpenShift
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.11.44
Red Hat / OpenShift
|
Container Platform <4.11.44 | ||
|
Red Hat OpenShift Container Platform 4.12
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.12
|
Container Platform 4.12 | |
|
Red Hat OpenShift Developer Tools and Services 4.11
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:developer_tools_and_services_4.11
|
Developer Tools and Services 4.11 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4.11
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.11
|
Container Platform 4.11 | |
|
Red Hat OpenShift Virtualization 4.13
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:virtualization_4.13
|
Virtualization 4.13 | |
|
Red Hat OpenShift Container Platform 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4
|
Container Platform 4 | |
|
Red Hat OpenShift Container Platform 4.13
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.13
|
Container Platform 4.13 | |
|
Red Hat OpenShift Container Platform 4.10
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.10
|
Container Platform 4.10 |
Es existiert eine Schwachstelle in Red Hat OpenShift. Der Fehler besteht aufgrund falscher Standardberechtigungen. Ein entfernter, authentisierter Angreifer mit Zugriff auf Programme mit vererbbaren Dateifähigkeiten kann diese Schwachstelle ausnutzen, um diese Fähigkeiten auf den erlaubten Satz zu erhöhen, wenn execve(2) ausgeführt wird. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Container Platform <4.11.43
Red Hat / OpenShift
|
Container Platform <4.11.43 | ||
|
Red Hat OpenShift
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.11.44
Red Hat / OpenShift
|
Container Platform <4.11.44 | ||
|
Red Hat OpenShift Container Platform 4.12
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.12
|
Container Platform 4.12 | |
|
Red Hat OpenShift Developer Tools and Services 4.11
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:developer_tools_and_services_4.11
|
Developer Tools and Services 4.11 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4.11
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.11
|
Container Platform 4.11 | |
|
Red Hat OpenShift Virtualization 4.13
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:virtualization_4.13
|
Virtualization 4.13 | |
|
Red Hat OpenShift Container Platform 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4
|
Container Platform 4 | |
|
Red Hat OpenShift Container Platform 4.13
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.13
|
Container Platform 4.13 | |
|
Red Hat OpenShift Container Platform 4.10
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4.10
|
Container Platform 4.10 |
References
33 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0111 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0111.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0111 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0111"
},
{
"category": "external",
"summary": "RHSA-2022:7398 - Security Advisory vom 2023-01-17",
"url": "https://access.redhat.com/errata/RHSA-2022:7398"
},
{
"category": "external",
"summary": "RHSA-2022:7399 - Security Advisory vom 2023-01-17",
"url": "https://access.redhat.com/errata/RHSA-2022:7399"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0264 vom 2023-01-19",
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-0328 vom 2023-01-24",
"url": "https://linux.oracle.com/errata/ELSA-2023-0328.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0328 vom 2023-01-23",
"url": "https://access.redhat.com/errata/RHSA-2023:0328"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0445 vom 2023-01-25",
"url": "https://access.redhat.com/errata/RHSA-2023:0445"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0446 vom 2023-01-25",
"url": "https://access.redhat.com/errata/RHSA-2023:0446"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-0446 vom 2023-01-26",
"url": "http://linux.oracle.com/errata/ELSA-2023-0446.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0569 vom 2023-02-08",
"url": "https://access.redhat.com/errata/RHSA-2023:0569"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0570 vom 2023-02-08",
"url": "https://access.redhat.com/errata/RHSA-2023:0570"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0631 vom 2023-02-07",
"url": "https://access.redhat.com/errata/RHSA-2023:0631"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0709 vom 2023-02-09",
"url": "https://access.redhat.com/errata/RHSA-2023:0709"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0708 vom 2023-02-09",
"url": "https://access.redhat.com/errata/RHSA-2023:0708"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0727 vom 2023-02-17",
"url": "https://access.redhat.com/errata/RHSA-2023:0727"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0769 vom 2023-02-21",
"url": "https://access.redhat.com/errata/RHSA-2023:0769"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0774 vom 2023-02-22",
"url": "https://access.redhat.com/errata/RHSA-2023:0774"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1042 vom 2023-03-07",
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1174 vom 2023-03-09",
"url": "https://access.redhat.com/errata/RHSA-2023:1174"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1275 vom 2023-03-15",
"url": "https://access.redhat.com/errata/RHSA-2023:1275"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:2866 vom 2023-05-16",
"url": "https://access.redhat.com/errata/RHSA-2023:2866"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3205 vom 2023-05-18",
"url": "https://access.redhat.com/errata/RHSA-2023:3205"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1326 vom 2023-05-18",
"url": "https://access.redhat.com/errata/RHSA-2023:1326"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3216 vom 2023-05-24",
"url": "https://access.redhat.com/errata/RHSA-2023:3216"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3542 vom 2023-06-14",
"url": "https://access.redhat.com/errata/RHSA-2023:3542"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3541 vom 2023-06-15",
"url": "https://access.redhat.com/errata/RHSA-2023:3541"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3642 vom 2023-06-15",
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3644 vom 2023-06-16",
"url": "https://access.redhat.com/errata/RHSA-2023:3644"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3664 vom 2023-06-19",
"url": "https://access.redhat.com/errata/RHSA-2023:3664"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3915 vom 2023-07-06",
"url": "https://access.redhat.com/errata/RHSA-2023:3915"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2944 vom 2024-05-21",
"url": "https://access.redhat.com/errata/RHSA-2024:2944"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3254 vom 2024-06-01",
"url": "https://linux.oracle.com/errata/ELSA-2024-3254.html"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-06-02T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:41:39.528+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-0111",
"initial_release_date": "2023-01-17T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-01-17T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-01-19T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-01-23T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
},
{
"date": "2023-01-24T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-01-26T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-02-07T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-02-09T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-02-16T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-02-20T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-02-21T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-03-06T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-03-08T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-03-15T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-05-16T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-05-18T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-05-24T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-14T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-15T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-19T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-07-05T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-21T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-02T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Oracle Linux aufgenommen"
}
],
"status": "final",
"version": "22"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift",
"product": {
"name": "Red Hat OpenShift",
"product_id": "T008027",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:-"
}
}
},
{
"category": "product_version",
"name": "Container Platform 4",
"product": {
"name": "Red Hat OpenShift Container Platform 4",
"product_id": "T022509",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform_4"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.12.0",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.12.0",
"product_id": "T025940"
}
},
{
"category": "product_version",
"name": "Container Platform 4.11",
"product": {
"name": "Red Hat OpenShift Container Platform 4.11",
"product_id": "T025990",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform_4.11"
}
}
},
{
"category": "product_version",
"name": "Container Platform 4.12",
"product": {
"name": "Red Hat OpenShift Container Platform 4.12",
"product_id": "T026435",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform_4.12"
}
}
},
{
"category": "product_version",
"name": "Container Platform 4.10",
"product": {
"name": "Red Hat OpenShift Container Platform 4.10",
"product_id": "T027233",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform_4.10"
}
}
},
{
"category": "product_version",
"name": "Container Platform 4.13",
"product": {
"name": "Red Hat OpenShift Container Platform 4.13",
"product_id": "T027760",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform_4.13"
}
}
},
{
"category": "product_version",
"name": "Virtualization 4.13",
"product": {
"name": "Red Hat OpenShift Virtualization 4.13",
"product_id": "T027763",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:virtualization_4.13"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.11.43",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.11.43",
"product_id": "T028132"
}
},
{
"category": "product_version",
"name": "Developer Tools and Services 4.11",
"product": {
"name": "Red Hat OpenShift Developer Tools and Services 4.11",
"product_id": "T028205",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:developer_tools_and_services_4.11"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.11.44",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.11.44",
"product_id": "T028416"
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-4235",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat OpenShift. Der Fehler besteht aufgrund eines unbegrenzten Alias-Chasing, bei dem eine in b\u00f6ser Absicht erstellte YAML-Datei dazu f\u00fchren kann, dass das System erhebliche Systemressourcen in der go-yaml-Komponente verbraucht. Ein entfernterm anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T028132",
"T008027",
"67646",
"T028416",
"T026435",
"T028205",
"T004914",
"T025990",
"T027763",
"T022509",
"T027760",
"T027233"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2021-4235"
},
{
"cve": "CVE-2022-2880",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat OpenShift. Der Fehler besteht aufgrund einer inkonsistenten Interpretation von HTTP Requests (HTTP Request/Response Smuggling) in Golang Go. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Daten zu manipulieren."
}
],
"product_status": {
"known_affected": [
"T028132",
"T008027",
"67646",
"T028416",
"T026435",
"T028205",
"T004914",
"T025990",
"T027763",
"T022509",
"T027760",
"T027233"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-2880"
},
{
"cve": "CVE-2022-2995",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat OpenShift. Der Fehler besteht aufgrund einer fehlerhaften Behandlung der zus\u00e4tzlichen Gruppen in der CRI-O Container-Engine. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen preiszugeben oder m\u00f6glicherweise Daten zu ver\u00e4ndern. Au\u00dferdem kann die Schwachstelle f\u00fcr Angriffe zur Codeausf\u00fchrung aus der Ferne genutzt werden."
}
],
"product_status": {
"known_affected": [
"T028132",
"T008027",
"67646",
"T028416",
"T026435",
"T028205",
"T004914",
"T025990",
"T027763",
"T022509",
"T027760",
"T027233"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-2995"
},
{
"cve": "CVE-2022-3466",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat OpenShift. Der Fehler besteht aufgrund falscher Standardberechtigungen. Ein entfernter, authentisierter Angreifer mit Zugriff auf Programme mit vererbbaren Dateif\u00e4higkeiten kann diese Schwachstelle ausnutzen, um diese F\u00e4higkeiten auf den erlaubten Satz zu erh\u00f6hen, wenn execve(2) ausgef\u00fchrt wird. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T028132",
"T008027",
"67646",
"T028416",
"T026435",
"T028205",
"T004914",
"T025990",
"T027763",
"T022509",
"T027760",
"T027233"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-3466"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…