Action not permitted
Modal body text goes here.
CVE-2022-38900
Vulnerability from cvelistv5
Published
2022-11-28 00:00
Modified
2024-08-03 11:02
Severity ?
EPSS score ?
Summary
decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T11:02:14.671Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/SamVerschueren/decode-uri-component/issues/5" }, { "tags": [ "x_transferred" ], "url": "https://github.com/sindresorhus/query-string/issues/345" }, { "name": "FEDORA-2023-86d75130fe", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/" }, { "name": "FEDORA-2023-a4f0b29f6c", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/" }, { "name": "FEDORA-2023-2e38c3756f", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/" }, { "name": "FEDORA-2023-ae96dd6105", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D/" }, { "name": "FEDORA-2023-b86fd9ad80", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-01T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/SamVerschueren/decode-uri-component/issues/5" }, { "url": "https://github.com/sindresorhus/query-string/issues/345" }, { "name": "FEDORA-2023-86d75130fe", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/" }, { "name": "FEDORA-2023-a4f0b29f6c", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/" }, { "name": "FEDORA-2023-2e38c3756f", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/" }, { "name": "FEDORA-2023-ae96dd6105", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D/" }, { "name": "FEDORA-2023-b86fd9ad80", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-38900", "datePublished": "2022-11-28T00:00:00", "dateReserved": "2022-08-29T00:00:00", "dateUpdated": "2024-08-03T11:02:14.671Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-38900\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-11-28T13:15:10.033\",\"lastModified\":\"2023-11-07T03:50:17.220\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.\"},{\"lang\":\"es\",\"value\":\"decode-uri-component 0.2.0 es vulnerable a una validaci\u00f3n de entrada incorrecta que provoca DoS.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:decode-uri-component_project:decode-uri-component:0.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5FAEFE5-8016-43E2-A600-46EC2CCAD87E\"}]}]}],\"references\":[{\"url\":\"https://github.com/SamVerschueren/decode-uri-component/issues/5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/sindresorhus/query-string/issues/345\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/\",\"source\":\"cve@mitre.org\"}]}}" } }
wid-sec-w-2023-2229
Vulnerability from csaf_certbund
Published
2023-08-30 22:00
Modified
2024-05-28 22:00
Summary
Splunk Splunk Enterprise: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.
Angriff
Ein entfernter, authentifizierter Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um beliebigen Code auszuführen, einen 'Denial of Service'-Zustand zu verursachen, seine Privilegien zu erweitern und weitere, nicht spezifizierte Auswirkungen zu verursachen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Splunk Enterprise erm\u00f6glicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, authentifizierter Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen, seine Privilegien zu erweitern und weitere, nicht spezifizierte Auswirkungen zu verursachen.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- MacOS X\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2229 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2229.json" }, { "category": "self", "summary": "WID-SEC-2023-2229 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2229" }, { "category": "external", "summary": "Splunk Security Advisory vom 2023-08-30", "url": "https://advisory.splunk.com//advisories/SVD-2023-0801" }, { "category": "external", "summary": "Splunk Security Advisory vom 2023-08-30", "url": "https://advisory.splunk.com//advisories/SVD-2023-0802" }, { "category": "external", "summary": "Splunk Security Advisory vom 2023-08-30", "url": "https://advisory.splunk.com//advisories/SVD-2023-0803" }, { "category": "external", "summary": "Splunk Security Advisory vom 2023-08-30", "url": "https://advisory.splunk.com//advisories/SVD-2023-0804" }, { "category": "external", "summary": "Splunk Security Advisory vom 2023-08-30", "url": "https://advisory.splunk.com//advisories/SVD-2023-0805" }, { "category": "external", "summary": "Splunk Security Advisory vom 2023-08-30", "url": "https://advisory.splunk.com//advisories/SVD-2023-0806" }, { "category": "external", "summary": "Splunk Security Advisory vom 2023-08-30", "url": "https://advisory.splunk.com//advisories/SVD-2023-0807" }, { "category": "external", "summary": "Splunk Security Advisory vom 2023-08-30", "url": "https://advisory.splunk.com//advisories/SVD-2023-0808" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0196-1 vom 2024-01-23", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017743.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-2988 vom 2024-05-28", "url": "https://linux.oracle.com/errata/ELSA-2024-2988.html" } ], "source_lang": "en-US", "title": "Splunk Splunk Enterprise: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-05-28T22:00:00.000+00:00", "generator": { "date": "2024-05-29T08:07:49.870+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-2229", "initial_release_date": "2023-08-30T22:00:00.000+00:00", "revision_history": [ { "date": "2023-08-30T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-01-23T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-05-28T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Oracle Linux aufgenommen" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c9.1.1", "product": { "name": "Splunk Splunk Enterprise \u003c9.1.1", "product_id": "T029634", "product_identification_helper": { "cpe": "cpe:/a:splunk:splunk:9.1.1" } } }, { "category": "product_version_range", "name": "\u003c9.0.6", "product": { "name": "Splunk Splunk Enterprise \u003c9.0.6", "product_id": "T029635", "product_identification_helper": { "cpe": "cpe:/a:splunk:splunk:9.0.6" } } }, { "category": "product_version_range", "name": "\u003c8.2.12", "product": { "name": "Splunk Splunk Enterprise \u003c8.2.12", "product_id": "T029636", "product_identification_helper": { "cpe": "cpe:/a:splunk:splunk:8.2.12" } } } ], "category": "product_name", "name": "Splunk Enterprise" } ], "category": "vendor", "name": "Splunk" } ] }, "vulnerabilities": [ { "cve": "CVE-2013-7489", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2013-7489" }, { "cve": "CVE-2018-10237", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2018-10237" }, { "cve": "CVE-2018-20225", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2018-20225" }, { "cve": "CVE-2019-20454", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2019-20454" }, { "cve": "CVE-2019-20838", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2019-20838" }, { "cve": "CVE-2020-14155", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-14155" }, { "cve": "CVE-2020-28469", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-28469" }, { "cve": "CVE-2020-28851", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-28851" }, { "cve": "CVE-2020-29652", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-29652" }, { "cve": "CVE-2020-8169", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-8169" }, { "cve": "CVE-2020-8177", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-8177" }, { "cve": "CVE-2020-8231", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-8231" }, { "cve": "CVE-2020-8284", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-8284" }, { "cve": "CVE-2020-8285", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-8285" }, { "cve": "CVE-2020-8286", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-8286" }, { "cve": "CVE-2020-8908", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2020-8908" }, { "cve": "CVE-2021-20066", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-20066" }, { "cve": "CVE-2021-22569", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22569" }, { "cve": "CVE-2021-22876", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22876" }, { "cve": "CVE-2021-22890", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22890" }, { "cve": "CVE-2021-22897", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22897" }, { "cve": "CVE-2021-22898", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22898" }, { "cve": "CVE-2021-22901", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22901" }, { "cve": "CVE-2021-22922", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22922" }, { "cve": "CVE-2021-22923", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22923" }, { "cve": "CVE-2021-22924", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22924" }, { "cve": "CVE-2021-22925", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22925" }, { "cve": "CVE-2021-22926", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22926" }, { "cve": "CVE-2021-22945", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22945" }, { "cve": "CVE-2021-22946", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22946" }, { "cve": "CVE-2021-22947", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-22947" }, { "cve": "CVE-2021-23343", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-23343" }, { "cve": "CVE-2021-23382", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-23382" }, { "cve": "CVE-2021-27918", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-27918" }, { "cve": "CVE-2021-27919", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-27919" }, { "cve": "CVE-2021-29060", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-29060" }, { "cve": "CVE-2021-29425", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-29425" }, { "cve": "CVE-2021-29923", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-29923" }, { "cve": "CVE-2021-31525", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-31525" }, { "cve": "CVE-2021-31566", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-31566" }, { "cve": "CVE-2021-33194", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-33194" }, { "cve": "CVE-2021-33195", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-33195" }, { "cve": "CVE-2021-33196", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-33196" }, { "cve": "CVE-2021-33197", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-33197" }, { "cve": "CVE-2021-33198", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-33198" }, { "cve": "CVE-2021-34558", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-34558" }, { "cve": "CVE-2021-3520", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-3520" }, { "cve": "CVE-2021-3572", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-3572" }, { "cve": "CVE-2021-36221", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-36221" }, { "cve": "CVE-2021-36976", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-36976" }, { "cve": "CVE-2021-3803", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-3803" }, { "cve": "CVE-2021-38297", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-38297" }, { "cve": "CVE-2021-38561", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-38561" }, { "cve": "CVE-2021-39293", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-39293" }, { "cve": "CVE-2021-41182", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-41182" }, { "cve": "CVE-2021-41183", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-41183" }, { "cve": "CVE-2021-41184", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-41184" }, { "cve": "CVE-2021-41771", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-41771" }, { "cve": "CVE-2021-41772", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-41772" }, { "cve": "CVE-2021-43565", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-43565" }, { "cve": "CVE-2021-44716", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-44716" }, { "cve": "CVE-2021-44717", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2021-44717" }, { "cve": "CVE-2022-1705", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-1705" }, { "cve": "CVE-2022-1941", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-1941" }, { "cve": "CVE-2022-1962", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-1962" }, { "cve": "CVE-2022-22576", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-22576" }, { "cve": "CVE-2022-2309", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-2309" }, { "cve": "CVE-2022-23491", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-23491" }, { "cve": "CVE-2022-23772", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-23772" }, { "cve": "CVE-2022-23773", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-23773" }, { "cve": "CVE-2022-23806", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-23806" }, { "cve": "CVE-2022-24675", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-24675" }, { "cve": "CVE-2022-24921", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-24921" }, { "cve": "CVE-2022-24999", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-24999" }, { "cve": "CVE-2022-25881", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-25881" }, { "cve": "CVE-2022-27191", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27191" }, { "cve": "CVE-2022-27536", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27536" }, { "cve": "CVE-2022-27664", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27664" }, { "cve": "CVE-2022-27774", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27774" }, { "cve": "CVE-2022-27775", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27775" }, { "cve": "CVE-2022-27776", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27776" }, { "cve": "CVE-2022-27778", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27778" }, { "cve": "CVE-2022-27779", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27779" }, { "cve": "CVE-2022-27780", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27780" }, { "cve": "CVE-2022-27781", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27781" }, { "cve": "CVE-2022-27782", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-27782" }, { "cve": "CVE-2022-28131", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-28131" }, { "cve": "CVE-2022-28327", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-28327" }, { "cve": "CVE-2022-2879", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-2879" }, { "cve": "CVE-2022-2880", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-2880" }, { "cve": "CVE-2022-29526", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-29526" }, { "cve": "CVE-2022-29804", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-29804" }, { "cve": "CVE-2022-30115", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-30115" }, { "cve": "CVE-2022-30580", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-30580" }, { "cve": "CVE-2022-30629", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-30629" }, { "cve": "CVE-2022-30630", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-30630" }, { "cve": "CVE-2022-30631", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-30631" }, { "cve": "CVE-2022-30632", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-30632" }, { "cve": "CVE-2022-30633", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-30633" }, { "cve": "CVE-2022-30634", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-30634" }, { "cve": "CVE-2022-30635", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-30635" }, { "cve": "CVE-2022-31129", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-31129" }, { "cve": "CVE-2022-3171", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-3171" }, { "cve": "CVE-2022-32148", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-32148" }, { "cve": "CVE-2022-32149", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-32149" }, { "cve": "CVE-2022-32189", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-32189" }, { "cve": "CVE-2022-32205", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-32205" }, { "cve": "CVE-2022-32206", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-32206" }, { "cve": "CVE-2022-32207", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-32207" }, { "cve": "CVE-2022-32208", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-32208" }, { "cve": "CVE-2022-32221", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-32221" }, { "cve": "CVE-2022-33987", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-33987" }, { "cve": "CVE-2022-3509", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-3509" }, { "cve": "CVE-2022-3510", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-3510" }, { "cve": "CVE-2022-3517", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-3517" }, { "cve": "CVE-2022-35252", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-35252" }, { "cve": "CVE-2022-35260", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-35260" }, { "cve": "CVE-2022-35737", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-35737" }, { "cve": "CVE-2022-36227", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-36227" }, { "cve": "CVE-2022-37599", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-37599" }, { "cve": "CVE-2022-37601", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-37601" }, { "cve": "CVE-2022-37603", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-37603" }, { "cve": "CVE-2022-38900", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-38900" }, { "cve": "CVE-2022-40023", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-40023" }, { "cve": "CVE-2022-40897", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-40897" }, { "cve": "CVE-2022-40899", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-40899" }, { "cve": "CVE-2022-41715", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-41715" }, { "cve": "CVE-2022-41716", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-41716" }, { "cve": "CVE-2022-41720", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-41720" }, { "cve": "CVE-2022-41722", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-41722" }, { "cve": "CVE-2022-42003", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-42003" }, { "cve": "CVE-2022-42004", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-42004" }, { "cve": "CVE-2022-42915", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-42915" }, { "cve": "CVE-2022-42916", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-42916" }, { "cve": "CVE-2022-43551", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-43551" }, { "cve": "CVE-2022-43552", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-43552" }, { "cve": "CVE-2022-46175", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2022-46175" }, { "cve": "CVE-2023-23914", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-23914" }, { "cve": "CVE-2023-23915", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-23915" }, { "cve": "CVE-2023-23916", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-23916" }, { "cve": "CVE-2023-24539", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-24539" }, { "cve": "CVE-2023-24540", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-24540" }, { "cve": "CVE-2023-27533", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-27533" }, { "cve": "CVE-2023-27534", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-27534" }, { "cve": "CVE-2023-27535", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-27535" }, { "cve": "CVE-2023-27536", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-27536" }, { "cve": "CVE-2023-27537", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-27537" }, { "cve": "CVE-2023-27538", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-27538" }, { "cve": "CVE-2023-29400", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-29400" }, { "cve": "CVE-2023-29402", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-29402" }, { "cve": "CVE-2023-29403", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-29403" }, { "cve": "CVE-2023-29404", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-29404" }, { "cve": "CVE-2023-29405", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Third Party Packages in Splunk Splunk Enterprise. Diese Fehler existieren unter anderem in den curl, go, decode-uri-Komponente, got, loader-utils, postcss, color-string, glob-parent, minimatch und moment Komponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-29405" }, { "cve": "CVE-2023-40592", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-40592" }, { "cve": "CVE-2023-40593", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-40593" }, { "cve": "CVE-2023-40594", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-40594" }, { "cve": "CVE-2023-40595", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-40595" }, { "cve": "CVE-2023-40596", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-40596" }, { "cve": "CVE-2023-40597", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-40597" }, { "cve": "CVE-2023-40598", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Splunk Splunk Enterprise. Diese Fehler bestehen in den REST-Endpunkten /app/search/table, /saml/acs, Serialized Session Payload, Dynamic Link Library, runshellscript.py und in den runshellscript-Komponenten sowie in der SPL-Funktion \u0027printf\u0027, u. a. aufgrund eines reflektierten Cross-Site-Scripting (XSS), einer unsachgem\u00e4\u00dfen Signaturvalidierung, einer unsachgem\u00e4\u00dfen Ausdrucksvalidierung und eines Path Traversal. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T002207", "T004914" ] }, "release_date": "2023-08-30T22:00:00Z", "title": "CVE-2023-40598" } ] }
wid-sec-w-2023-0424
Vulnerability from csaf_certbund
Published
2023-02-19 23:00
Modified
2023-04-12 22:00
Summary
Kibana: Schwachstelle ermöglicht Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Kibana ist ein Open Source Datenvisualisierungs-Plugin für Elasticsearch.
Angriff
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Kibana ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Sonstiges
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Kibana ist ein Open Source Datenvisualisierungs-Plugin f\u00fcr Elasticsearch.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Kibana ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Sonstiges", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-0424 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0424.json" }, { "category": "self", "summary": "WID-SEC-2023-0424 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0424" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:1743 vom 2023-04-12", "url": "https://access.redhat.com/errata/RHSA-2023:1743" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:1744 vom 2023-04-12", "url": "https://access.redhat.com/errata/RHSA-2023:1744" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:1742 vom 2023-04-12", "url": "https://access.redhat.com/errata/RHSA-2023:1742" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:1428 vom 2023-03-23", "url": "https://access.redhat.com/errata/RHSA-2023:1428" }, { "category": "external", "summary": "Stack Watch Security Report vom 2023-02-19", "url": "https://stack.watch/vuln/CVE-2022-38778/" } ], "source_lang": "en-US", "title": "Kibana: Schwachstelle erm\u00f6glicht Denial of Service", "tracking": { "current_release_date": "2023-04-12T22:00:00.000+00:00", "generator": { "date": "2024-02-15T17:14:58.463+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-0424", "initial_release_date": "2023-02-19T23:00:00.000+00:00", "revision_history": [ { "date": "2023-02-19T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-03-22T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-04-12T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Open Source Kibana \u003c 8.6.1", "product": { "name": "Open Source Kibana \u003c 8.6.1", "product_id": "T026152", "product_identification_helper": { "cpe": "cpe:/a:elasticsearch:kibana:8.6.1" } } }, { "category": "product_name", "name": "Open Source Kibana \u003c 7.17.9", "product": { "name": "Open Source Kibana \u003c 7.17.9", "product_id": "T026406", "product_identification_helper": { "cpe": "cpe:/a:elasticsearch:kibana:7.17.9" } } } ], "category": "product_name", "name": "Kibana" } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-38900", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Kibana. Der Fehler besteht in einer Drittanbieter-Abh\u00e4ngigkeit (Decode Uri Componentproject). Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2023-02-19T23:00:00Z", "title": "CVE-2022-38900" } ] }
wid-sec-w-2023-1350
Vulnerability from csaf_certbund
Published
2023-06-01 22:00
Modified
2024-02-15 23:00
Summary
Splunk Splunk Enterprise: Mehrere Schwachstellen in Komponenten von Drittanbietern
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise in diversen Komponenten von Drittanbietern ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Splunk Enterprise erm\u00f6glicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise in diversen Komponenten von Drittanbietern ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows\n- Sonstiges", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-1350 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1350.json" }, { "category": "self", "summary": "WID-SEC-2023-1350 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1350" }, { "category": "external", "summary": "Splunk Enterprise Security Advisory SVD-2023-0613 vom 2023-06-01", "url": "https://advisory.splunk.com/advisories/SVD-2023-0613" }, { "category": "external", "summary": "IBM Security Bulletin 7008449 vom 2023-06-29", "url": "https://www.ibm.com/support/pages/node/7008449" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0196-1 vom 2024-01-23", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017743.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0487-1 vom 2024-02-15", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017931.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:0486-1 vom 2024-02-15", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017932.html" } ], "source_lang": "en-US", "title": "Splunk Splunk Enterprise: Mehrere Schwachstellen in Komponenten von Drittanbietern", "tracking": { "current_release_date": "2024-02-15T23:00:00.000+00:00", "generator": { "date": "2024-02-16T09:06:57.360+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-1350", "initial_release_date": "2023-06-01T22:00:00.000+00:00", "revision_history": [ { "date": "2023-06-01T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-06-29T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2024-01-23T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-02-15T23:00:00.000+00:00", "number": "4", "summary": "Neue Updates von SUSE aufgenommen" } ], "status": "final", "version": "4" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "IBM DB2", "product": { "name": "IBM DB2", "product_id": "5104", "product_identification_helper": { "cpe": "cpe:/a:ibm:db2:-" } } } ], "category": "vendor", "name": "IBM" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c 8.1.14", "product": { "name": "Splunk Splunk Enterprise \u003c 8.1.14", "product_id": "T027935", "product_identification_helper": { "cpe": "cpe:/a:splunk:splunk:8.1.14" } } }, { "category": "product_version_range", "name": "\u003c 8.2.11", "product": { "name": "Splunk Splunk Enterprise \u003c 8.2.11", "product_id": "T027936", "product_identification_helper": { "cpe": "cpe:/a:splunk:splunk:8.2.11" } } }, { "category": "product_version_range", "name": "\u003c 9.0.5", "product": { "name": "Splunk Splunk Enterprise \u003c 9.0.5", "product_id": "T027937", "product_identification_helper": { "cpe": "cpe:/a:splunk:splunk:9.0.5" } } } ], "category": "product_name", "name": "Splunk Enterprise" } ], "category": "vendor", "name": "Splunk" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-27538", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2023-27538" }, { "cve": "CVE-2023-27537", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2023-27537" }, { "cve": "CVE-2023-27536", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2023-27536" }, { "cve": "CVE-2023-27535", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2023-27535" }, { "cve": "CVE-2023-27534", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2023-27534" }, { "cve": "CVE-2023-27533", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2023-27533" }, { "cve": "CVE-2023-23916", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2023-23916" }, { "cve": "CVE-2023-23915", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2023-23915" }, { "cve": "CVE-2023-23914", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2023-23914" }, { "cve": "CVE-2023-1370", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2023-1370" }, { "cve": "CVE-2023-0286", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2023-0286" }, { "cve": "CVE-2023-0215", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2023-0215" }, { "cve": "CVE-2022-46175", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-46175" }, { "cve": "CVE-2022-43680", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-43680" }, { "cve": "CVE-2022-43552", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-43552" }, { "cve": "CVE-2022-43551", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-43551" }, { "cve": "CVE-2022-4304", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-4304" }, { "cve": "CVE-2022-42916", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-42916" }, { "cve": "CVE-2022-42915", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-42915" }, { "cve": "CVE-2022-42004", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-42004" }, { "cve": "CVE-2022-4200", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-4200" }, { "cve": "CVE-2022-41720", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-41720" }, { "cve": "CVE-2022-41716", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-41716" }, { "cve": "CVE-2022-41715", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-41715" }, { "cve": "CVE-2022-40304", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-40304" }, { "cve": "CVE-2022-40303", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-40303" }, { "cve": "CVE-2022-40023", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-40023" }, { "cve": "CVE-2022-38900", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-38900" }, { "cve": "CVE-2022-37616", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-37616" }, { "cve": "CVE-2022-37603", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-37603" }, { "cve": "CVE-2022-37601", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-37601" }, { "cve": "CVE-2022-37599", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-37599" }, { "cve": "CVE-2022-37434", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-37434" }, { "cve": "CVE-2022-36227", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-36227" }, { "cve": "CVE-2022-35737", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-35737" }, { "cve": "CVE-2022-35260", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-35260" }, { "cve": "CVE-2022-35252", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-35252" }, { "cve": "CVE-2022-3517", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-3517" }, { "cve": "CVE-2022-33987", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-33987" }, { "cve": "CVE-2022-32221", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-32221" }, { "cve": "CVE-2022-32208", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-32208" }, { "cve": "CVE-2022-32207", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-32207" }, { "cve": "CVE-2022-32206", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-32206" }, { "cve": "CVE-2022-32205", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-32205" }, { "cve": "CVE-2022-32189", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-32189" }, { "cve": "CVE-2022-32148", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-32148" }, { "cve": "CVE-2022-31129", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-31129" }, { "cve": "CVE-2022-30635", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-30635" }, { "cve": "CVE-2022-30634", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-30634" }, { "cve": "CVE-2022-30633", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-30633" }, { "cve": "CVE-2022-30632", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-30632" }, { "cve": "CVE-2022-30631", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-30631" }, { "cve": "CVE-2022-30630", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-30630" }, { "cve": "CVE-2022-30629", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-30629" }, { "cve": "CVE-2022-30580", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-30580" }, { "cve": "CVE-2022-30115", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-30115" }, { "cve": "CVE-2022-29804", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-29804" }, { "cve": "CVE-2022-29526", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-29526" }, { "cve": "CVE-2022-2880", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-2880" }, { "cve": "CVE-2022-2879", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-2879" }, { "cve": "CVE-2022-28327", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-28327" }, { "cve": "CVE-2022-28131", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-28131" }, { "cve": "CVE-2022-27782", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-27782" }, { "cve": "CVE-2022-27781", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-27781" }, { "cve": "CVE-2022-27780", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-27780" }, { "cve": "CVE-2022-27779", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-27779" }, { "cve": "CVE-2022-27778", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-27778" }, { "cve": "CVE-2022-27776", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-27776" }, { "cve": "CVE-2022-27775", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-27775" }, { "cve": "CVE-2022-27774", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-27774" }, { "cve": "CVE-2022-27664", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-27664" }, { "cve": "CVE-2022-27191", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-27191" }, { "cve": "CVE-2022-25858", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-25858" }, { "cve": "CVE-2022-24999", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-24999" }, { "cve": "CVE-2022-24921", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-24921" }, { "cve": "CVE-2022-24675", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-24675" }, { "cve": "CVE-2022-23806", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-23806" }, { "cve": "CVE-2022-23773", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-23773" }, { "cve": "CVE-2022-23772", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-23772" }, { "cve": "CVE-2022-23491", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-23491" }, { "cve": "CVE-2022-22576", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-22576" }, { "cve": "CVE-2022-1962", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-1962" }, { "cve": "CVE-2022-1705", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2022-1705" }, { "cve": "CVE-2021-43565", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-43565" }, { "cve": "CVE-2021-3803", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-3803" }, { "cve": "CVE-2021-36976", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-36976" }, { "cve": "CVE-2021-3520", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-3520" }, { "cve": "CVE-2021-33587", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-33587" }, { "cve": "CVE-2021-33503", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-33503" }, { "cve": "CVE-2021-33502", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-33502" }, { "cve": "CVE-2021-31566", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-31566" }, { "cve": "CVE-2021-29060", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-29060" }, { "cve": "CVE-2021-27292", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-27292" }, { "cve": "CVE-2021-23382", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-23382" }, { "cve": "CVE-2021-23368", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-23368" }, { "cve": "CVE-2021-23343", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-23343" }, { "cve": "CVE-2021-22947", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-22947" }, { "cve": "CVE-2021-22946", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-22946" }, { "cve": "CVE-2021-22945", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-22945" }, { "cve": "CVE-2021-22926", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-22926" }, { "cve": "CVE-2021-22925", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-22925" }, { "cve": "CVE-2021-22924", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-22924" }, { "cve": "CVE-2021-22923", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-22923" }, { "cve": "CVE-2021-22922", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-22922" }, { "cve": "CVE-2021-22901", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-22901" }, { "cve": "CVE-2021-22898", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-22898" }, { "cve": "CVE-2021-22897", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-22897" }, { "cve": "CVE-2021-22890", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-22890" }, { "cve": "CVE-2021-22876", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-22876" }, { "cve": "CVE-2021-20095", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2021-20095" }, { "cve": "CVE-2020-8286", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2020-8286" }, { "cve": "CVE-2020-8285", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2020-8285" }, { "cve": "CVE-2020-8284", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2020-8284" }, { "cve": "CVE-2020-8231", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2020-8231" }, { "cve": "CVE-2020-8203", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2020-8203" }, { "cve": "CVE-2020-8177", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2020-8177" }, { "cve": "CVE-2020-8169", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2020-8169" }, { "cve": "CVE-2020-8116", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2020-8116" }, { "cve": "CVE-2020-7774", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2020-7774" }, { "cve": "CVE-2020-7753", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2020-7753" }, { "cve": "CVE-2020-7662", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2020-7662" }, { "cve": "CVE-2020-28469", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2020-28469" }, { "cve": "CVE-2020-15138", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2020-15138" }, { "cve": "CVE-2020-13822", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2020-13822" }, { "cve": "CVE-2019-20149", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2019-20149" }, { "cve": "CVE-2019-10746", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2019-10746" }, { "cve": "CVE-2019-10744", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2019-10744" }, { "cve": "CVE-2018-25032", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2018-25032" }, { "cve": "CVE-2017-16042", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Splunk Splunk Enterprise in zahlreichen Komponenten von Drittanbietern (OpenSSL, curl, go, zlib, SQLite, json und weitere), die zum aktuellen Zeitpunkt nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht n\u00e4her spezifizierte Auswirkungen zu verursachen." } ], "product_status": { "known_affected": [ "T002207", "5104" ] }, "release_date": "2023-06-01T22:00:00Z", "title": "CVE-2017-16042" } ] }
wid-sec-w-2023-1542
Vulnerability from csaf_certbund
Published
2023-06-22 22:00
Modified
2024-05-21 22:00
Summary
Red Hat OpenShift: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um einen Denial of Service Zustand herbeizuführen, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme
- Linux
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-1542 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1542.json" }, { "category": "self", "summary": "WID-SEC-2023-1542 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1542" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0139 vom 2024-01-10", "url": "https://access.redhat.com/errata/RHSA-2024:0139" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0143 vom 2024-01-10", "url": "https://access.redhat.com/errata/RHSA-2024:0143" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0137 vom 2024-01-10", "url": "https://access.redhat.com/errata/RHSA-2024:0137" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0121 vom 2024-01-10", "url": "https://access.redhat.com/errata/RHSA-2024:0121" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:7820 vom 2023-12-14", "url": "https://access.redhat.com/errata/RHSA-2023:7820" }, { "category": "external", "summary": "Meinberg Security Advisory", "url": "https://www.meinberg.de/german/news/meinberg-security-advisory-mbgsa-2024-01-lantime-firmware-v7-08-007.htm" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3742 vom 2023-06-22", "url": "https://access.redhat.com/errata/RHSA-2023:3742" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3612 vom 2023-06-23", "url": "https://access.redhat.com/errata/RHSA-2023:3614" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3615 vom 2023-06-22", "url": "https://access.redhat.com/errata/RHSA-2023:3615" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3613 vom 2023-06-27", "url": "https://access.redhat.com/errata/RHSA-2023:3613" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2023-06-29", "url": "https://access.redhat.com/errata/RHSA-2023:3918" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3943 vom 2023-06-29", "url": "https://access.redhat.com/errata/RHSA-2023:3943" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3910 vom 2023-07-06", "url": "https://access.redhat.com/errata/RHSA-2023:3910" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3915 vom 2023-07-06", "url": "https://access.redhat.com/errata/RHSA-2023:3915" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3925 vom 2023-07-06", "url": "https://access.redhat.com/errata/RHSA-2023:3925" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4003 vom 2023-07-10", "url": "https://access.redhat.com/errata/RHSA-2023:4003" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2023-6CFE7492C1 vom 2023-07-16", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-6cfe7492c1" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2023-AA7C75ED4A vom 2023-07-16", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-aa7c75ed4a" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4025 vom 2023-07-18", "url": "https://access.redhat.com/errata/RHSA-2023:4025" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4112 vom 2023-07-18", "url": "https://access.redhat.com/errata/RHSA-2023:4112" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4113 vom 2023-07-18", "url": "https://access.redhat.com/errata/RHSA-2023:4113" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4114 vom 2023-07-18", "url": "https://access.redhat.com/errata/RHSA-2023:4114" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4053 vom 2023-07-19", "url": "https://access.redhat.com/errata/RHSA-2023:4053" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4204 vom 2023-07-19", "url": "https://access.redhat.com/errata/RHSA-2023:4204" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4090 vom 2023-07-21", "url": "https://access.redhat.com/errata/RHSA-2023:4090" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4241 vom 2023-07-21", "url": "https://access.redhat.com/errata/RHSA-2023:4241" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4238 vom 2023-07-20", "url": "https://access.redhat.com/errata/RHSA-2023:4238" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4093 vom 2023-07-20", "url": "https://access.redhat.com/errata/RHSA-2023:4093" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4091 vom 2023-07-20", "url": "https://access.redhat.com/errata/RHSA-2023:4091" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4225 vom 2023-07-27", "url": "https://access.redhat.com/errata/RHSA-2023:4225" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4226 vom 2023-07-27", "url": "https://access.redhat.com/errata/RHSA-2023:4226" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4470 vom 2023-08-03", "url": "https://access.redhat.com/errata/RHSA-2023:4470" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4335 vom 2023-08-08", "url": "https://access.redhat.com/errata/RHSA-2023:4335" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4674 vom 2023-08-23", "url": "https://access.redhat.com/errata/RHSA-2023:4674" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:4983 vom 2023-09-05", "url": "https://access.redhat.com/errata/RHSA-2023:4983" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:5103 vom 2023-09-12", "url": "https://access.redhat.com/errata/RHSA-2023:5103" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:5233 vom 2023-09-19", "url": "https://access.redhat.com/errata/RHSA-2023:5233" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:5314 vom 2023-09-20", "url": "https://access.redhat.com/errata/RHSA-2023:5314" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:5006 vom 2023-12-30", "url": "https://access.redhat.com/errata/RHSA-2023:5006" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:6316 vom 2023-11-07", "url": "https://access.redhat.com/errata/RHSA-2023:6316" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:7058 vom 2023-11-15", "url": "https://access.redhat.com/errata/RHSA-2023:7058" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:7823 vom 2024-01-05", "url": "https://access.redhat.com/errata/RHSA-2023:7823" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2023-6939 vom 2023-11-21", "url": "https://linux.oracle.com/errata/ELSA-2023-6939.html" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2023-14A33318B8 vom 2023-12-03", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-14a33318b8" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:7672 vom 2023-12-06", "url": "https://access.redhat.com/errata/RHSA-2023:7672" }, { "category": "external", "summary": "Gentoo Linux Security Advisory GLSA-202405-04 vom 2024-05-04", "url": "https://security.gentoo.org/glsa/202405-04" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:2987 vom 2024-05-22", "url": "https://access.redhat.com/errata/RHSA-2024:2987" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3254 vom 2024-05-22", "url": "https://access.redhat.com/errata/RHSA-2024:3254" } ], "source_lang": "en-US", "title": "Red Hat OpenShift: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-05-21T22:00:00.000+00:00", "generator": { "date": "2024-05-22T12:11:49.378+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-1542", "initial_release_date": "2023-06-22T22:00:00.000+00:00", "revision_history": [ { "date": "2023-06-22T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-06-25T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-06-26T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-06-28T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-06-29T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-07-05T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-07-06T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-07-10T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-07-16T22:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Fedora aufgenommen" }, { "date": "2023-07-17T22:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-07-18T22:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-07-20T22:00:00.000+00:00", "number": "12", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-07-26T22:00:00.000+00:00", "number": "13", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-08-03T22:00:00.000+00:00", "number": "14", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-08-07T22:00:00.000+00:00", "number": "15", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-08-23T22:00:00.000+00:00", "number": "16", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-09-05T22:00:00.000+00:00", "number": "17", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-09-12T22:00:00.000+00:00", "number": "18", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-09-19T22:00:00.000+00:00", "number": "19", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-09-20T22:00:00.000+00:00", "number": "20", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-11-07T23:00:00.000+00:00", "number": "21", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-11-14T23:00:00.000+00:00", "number": "22", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-11-21T23:00:00.000+00:00", "number": "23", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2023-12-03T23:00:00.000+00:00", "number": "24", "summary": "Neue Updates von Fedora aufgenommen" }, { "date": "2023-12-06T23:00:00.000+00:00", "number": "25", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-12-13T23:00:00.000+00:00", "number": "26", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-01-01T23:00:00.000+00:00", "number": "27", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-01-04T23:00:00.000+00:00", "number": "28", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-01-10T23:00:00.000+00:00", "number": "29", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-01-30T23:00:00.000+00:00", "number": "30", "summary": "Neue Updates von Meinberg aufgenommen" }, { "date": "2024-05-05T22:00:00.000+00:00", "number": "31", "summary": "Neue Updates von Gentoo aufgenommen" }, { "date": "2024-05-21T22:00:00.000+00:00", "number": "32", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "32" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Fedora Linux", "product": { "name": "Fedora Linux", "product_id": "74185", "product_identification_helper": { "cpe": "cpe:/o:fedoraproject:fedora:-" } } } ], "category": "vendor", "name": "Fedora" }, { "branches": [ { "category": "product_name", "name": "Gentoo Linux", "product": { "name": "Gentoo Linux", "product_id": "T012167", "product_identification_helper": { "cpe": "cpe:/o:gentoo:linux:-" } } } ], "category": "vendor", "name": "Gentoo" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c7.08.007", "product": { "name": "Meinberg LANTIME \u003c7.08.007", "product_id": "T032435", "product_identification_helper": { "cpe": "cpe:/h:meinberg:lantime:7.08.007" } } } ], "category": "product_name", "name": "LANTIME" } ], "category": "vendor", "name": "Meinberg" }, { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "category": "product_version", "name": "Advanced Cluster Security for Kubernetes 4", "product": { "name": "Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4", "product_id": "T027916", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4" } } }, { "category": "product_version", "name": "Service Interconnect 1", "product": { "name": "Red Hat Enterprise Linux Service Interconnect 1", "product_id": "T028472", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:service_interconnect_1" } } } ], "category": "product_name", "name": "Enterprise Linux" }, { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift", "product": { "name": "Red Hat OpenShift", "product_id": "T008027", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:-" } } }, { "category": "product_version", "name": "Container Platform 4.12", "product": { "name": "Red Hat OpenShift Container Platform 4.12", "product_id": "T026435", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform_4.12" } } }, { "category": "product_version_range", "name": "Container Platform \u003c4.13.4", "product": { "name": "Red Hat OpenShift Container Platform \u003c4.13.4", "product_id": "T028225", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform__4.13.4" } } }, { "category": "product_version_range", "name": "Data Foundation \u003c4.13.0", "product": { "name": "Red Hat OpenShift Data Foundation \u003c4.13.0", "product_id": "T028289", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:data_foundation_4.13.0" } } }, { "category": "product_version_range", "name": "Container Platform \u003c4.12.22", "product": { "name": "Red Hat OpenShift Container Platform \u003c4.12.22", "product_id": "T028307", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform__4.12.22" } } }, { "category": "product_version_range", "name": "Container Platform \u003c4.11.44", "product": { "name": "Red Hat OpenShift Container Platform \u003c4.11.44", "product_id": "T028416", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform__4.11.44" } } }, { "category": "product_version_range", "name": "Data Foundation \u003c4.12.10", "product": { "name": "Red Hat OpenShift Data Foundation \u003c4.12.10", "product_id": "T031698", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:data_foundation__4.12.10" } } }, { "category": "product_version_range", "name": "Container Platform \u003c4.14.0", "product": { "name": "Red Hat OpenShift Container Platform \u003c4.14.0", "product_id": "T031839", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform__4.14.0" } } }, { "category": "product_version_range", "name": "Container Platform \u003c4.12.46", "product": { "name": "Red Hat OpenShift Container Platform \u003c4.12.46", "product_id": "T031870", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform__4.12.46" } } } ], "category": "product_name", "name": "OpenShift" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2015-20107", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2015-20107" }, { "cve": "CVE-2018-25032", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2018-25032" }, { "cve": "CVE-2020-10735", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2020-10735" }, { "cve": "CVE-2020-16250", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2020-16250" }, { "cve": "CVE-2020-16251", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2020-16251" }, { "cve": "CVE-2020-17049", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2020-17049" }, { "cve": "CVE-2021-28861", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2021-28861" }, { "cve": "CVE-2021-3765", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2021-3765" }, { "cve": "CVE-2021-3807", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2021-3807" }, { "cve": "CVE-2021-4231", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2021-4231" }, { "cve": "CVE-2021-4235", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2021-4235" }, { "cve": "CVE-2021-4238", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2021-4238" }, { "cve": "CVE-2021-43519", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2021-43519" }, { "cve": "CVE-2021-43998", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2021-43998" }, { "cve": "CVE-2021-44531", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2021-44531" }, { "cve": "CVE-2021-44532", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2021-44532" }, { "cve": "CVE-2021-44533", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2021-44533" }, { "cve": "CVE-2021-44964", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2021-44964" }, { "cve": "CVE-2021-46828", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2021-46828" }, { "cve": "CVE-2021-46848", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2021-46848" }, { "cve": "CVE-2022-0670", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-0670" }, { "cve": "CVE-2022-1271", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-1271" }, { "cve": "CVE-2022-1304", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-1304" }, { "cve": "CVE-2022-1348", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-1348" }, { "cve": "CVE-2022-1586", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-1586" }, { "cve": "CVE-2022-1587", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-1587" }, { "cve": "CVE-2022-21824", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-21824" }, { "cve": "CVE-2022-2309", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-2309" }, { "cve": "CVE-2022-23540", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-23540" }, { "cve": "CVE-2022-23541", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-23541" }, { "cve": "CVE-2022-24903", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-24903" }, { "cve": "CVE-2022-2509", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-2509" }, { "cve": "CVE-2022-26280", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-26280" }, { "cve": "CVE-2022-27664", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-27664" }, { "cve": "CVE-2022-2795", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-2795" }, { "cve": "CVE-2022-2879", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-2879" }, { "cve": "CVE-2022-2880", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-2880" }, { "cve": "CVE-2022-28805", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-28805" }, { "cve": "CVE-2022-29154", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-29154" }, { "cve": "CVE-2022-30635", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-30635" }, { "cve": "CVE-2022-3094", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-3094" }, { "cve": "CVE-2022-31129", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-31129" }, { "cve": "CVE-2022-32189", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-32189" }, { "cve": "CVE-2022-32190", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-32190" }, { "cve": "CVE-2022-33099", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-33099" }, { "cve": "CVE-2022-3358", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-3358" }, { "cve": "CVE-2022-34903", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-34903" }, { "cve": "CVE-2022-3515", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-3515" }, { "cve": "CVE-2022-3517", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-3517" }, { "cve": "CVE-2022-35737", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-35737" }, { "cve": "CVE-2022-36227", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-36227" }, { "cve": "CVE-2022-3715", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-3715" }, { "cve": "CVE-2022-3736", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-3736" }, { "cve": "CVE-2022-37434", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-37434" }, { "cve": "CVE-2022-38149", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-38149" }, { "cve": "CVE-2022-3821", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-3821" }, { "cve": "CVE-2022-38900", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-38900" }, { "cve": "CVE-2022-3924", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-3924" }, { "cve": "CVE-2022-40023", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-40023" }, { "cve": "CVE-2022-40303", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-40303" }, { "cve": "CVE-2022-40304", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-40304" }, { "cve": "CVE-2022-40897", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-40897" }, { "cve": "CVE-2022-41316", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-41316" }, { "cve": "CVE-2022-41715", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-41715" }, { "cve": "CVE-2022-41717", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-41717" }, { "cve": "CVE-2022-41723", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-41723" }, { "cve": "CVE-2022-41724", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-41724" }, { "cve": "CVE-2022-41725", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-41725" }, { "cve": "CVE-2022-42010", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-42010" }, { "cve": "CVE-2022-42011", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-42011" }, { "cve": "CVE-2022-42012", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-42012" }, { "cve": "CVE-2022-42898", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-42898" }, { "cve": "CVE-2022-42919", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-42919" }, { "cve": "CVE-2022-43680", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-43680" }, { "cve": "CVE-2022-4415", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-4415" }, { "cve": "CVE-2022-45061", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-45061" }, { "cve": "CVE-2022-45873", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-45873" }, { "cve": "CVE-2022-46175", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-46175" }, { "cve": "CVE-2022-47024", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-47024" }, { "cve": "CVE-2022-47629", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-47629" }, { "cve": "CVE-2022-48303", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-48303" }, { "cve": "CVE-2022-48337", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-48337" }, { "cve": "CVE-2022-48338", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-48338" }, { "cve": "CVE-2022-48339", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2022-48339" }, { "cve": "CVE-2023-0361", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2023-0361" }, { "cve": "CVE-2023-0620", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2023-0620" }, { "cve": "CVE-2023-0665", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2023-0665" }, { "cve": "CVE-2023-22809", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2023-22809" }, { "cve": "CVE-2023-24329", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2023-24329" }, { "cve": "CVE-2023-2491", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2023-2491" }, { "cve": "CVE-2023-24999", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2023-24999" }, { "cve": "CVE-2023-25000", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2023-25000" }, { "cve": "CVE-2023-25136", "notes": [ { "category": "description", "text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese sind auf Fehler in verschiedenen Komponenten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen." } ], "product_status": { "known_affected": [ "T032435", "T031698", "T008027", "T028472", "67646", "T012167", "T004914", "74185", "T031870", "T027916", "T028307", "T028416", "T026435", "T028225", "T031839" ] }, "release_date": "2023-06-22T22:00:00Z", "title": "CVE-2023-25136" } ] }
rhsa-2023_1742
Vulnerability from csaf_redhat
Published
2023-04-12 15:04
Modified
2024-11-15 17:14
Summary
Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update
Notes
Topic
An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (14.21.3).
Security Fix(es):
* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)
* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
* nodejs: Improper handling of URI Subject Alternative Names (CVE-2021-44531)
* nodejs: Certificate Verification Bypass via String Injection (CVE-2021-44532)
* nodejs: Incorrect handling of certificate subject and issuer fields (CVE-2021-44533)
* minimist: prototype pollution (CVE-2021-44906)
* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)
* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)
* express: "qs" prototype poisoning causes the hang of the node process (CVE-2022-24999)
* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)
* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)
* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)
* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)
* nodejs: Prototype pollution via console.table properties (CVE-2022-21824)
* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (14.21.3).\n\nSecurity Fix(es):\n\n* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)\n\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n* nodejs: Improper handling of URI Subject Alternative Names (CVE-2021-44531)\n\n* nodejs: Certificate Verification Bypass via String Injection (CVE-2021-44532)\n\n* nodejs: Incorrect handling of certificate subject and issuer fields (CVE-2021-44533)\n\n* minimist: prototype pollution (CVE-2021-44906)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)\n\n* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)\n\n* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)\n\n* express: \"qs\" prototype poisoning causes the hang of the node process (CVE-2022-24999)\n\n* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)\n\n* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)\n\n* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)\n\n* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)\n\n* nodejs: Prototype pollution via console.table properties (CVE-2022-21824)\n\n* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:1742", "url": "https://access.redhat.com/errata/RHSA-2023:1742" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2040839", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040839" }, { "category": "external", "summary": "2040846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040846" }, { "category": "external", "summary": "2040856", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040856" }, { "category": "external", "summary": "2040862", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040862" }, { "category": "external", "summary": "2044591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591" }, { "category": "external", "summary": "2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "2130518", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130518" }, { "category": "external", "summary": "2134609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609" }, { "category": "external", "summary": "2140911", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911" }, { "category": "external", "summary": "2142822", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142822" }, { "category": "external", "summary": "2150323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323" }, { "category": "external", "summary": "2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "2165824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824" }, { "category": "external", "summary": "2168631", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631" }, { "category": "external", "summary": "2170644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644" }, { "category": "external", "summary": "2171935", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935" }, { "category": "external", "summary": "2172217", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217" }, { "category": "external", "summary": "2175827", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175827" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1742.json" } ], "title": "Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-11-15T17:14:00+00:00", "generator": { "date": "2024-11-15T17:14:00+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2023:1742", "initial_release_date": "2023-04-12T15:04:47+00:00", "revision_history": [ { "date": "2023-04-12T15:04:47+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-04-12T15:04:47+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T17:14:00+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product": { "name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_eus:8.6::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "nodejs:14:8060020230306170237:ad008a3a", "product": { "name": "nodejs:14:8060020230306170237:ad008a3a", "product_id": "nodejs:14:8060020230306170237:ad008a3a", "product_identification_helper": { "purl": "pkg:rpmmod/redhat/nodejs@14:8060020230306170237:ad008a3a" } } }, { "category": "product_version", "name": "nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "product": { "name": "nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "product_id": "nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-docs@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "product": { "name": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "product_id": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-3.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=noarch" } } }, { "category": "product_version", "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "product": { "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "product_id": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@23-3.module%2Bel8.3.0%2B6519%2B9f98ed83?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "product": { "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "product_id": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "product": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "product": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "product": { "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "product_id": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "product": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "product": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=aarch64\u0026epoch=1" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "product": { "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "product_id": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "product": { "name": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "product_id": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-3.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=src" } } }, { "category": "product_version", "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "product": { "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "product_id": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@23-3.module%2Bel8.3.0%2B6519%2B9f98ed83?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "product": { "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "product_id": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "product": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "product": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "product": { "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "product_id": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "product": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "product": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=ppc64le\u0026epoch=1" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "product": { "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "product_id": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "product": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "product": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "product": { "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "product_id": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "product": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "product": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=s390x\u0026epoch=1" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "product": { "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "product_id": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "product": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "product": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "product": { "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "product_id": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "product": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64", "product": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64", "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, "product_reference": "nodejs:14:8060020230306170237:ad008a3a", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64 as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64" }, "product_reference": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le" }, "product_reference": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x" }, "product_reference": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src" }, "product_reference": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64 as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64" }, "product_reference": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64 as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64" }, "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le" }, "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x" }, "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64 as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64" }, "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64 as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64" }, "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le" }, "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x" }, "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64 as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64" }, "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64 as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64" }, "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le" }, "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x" }, "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64 as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64" }, "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch" }, "product_reference": "nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64 as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64" }, "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le" }, "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x" }, "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64 as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64" }, "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch" }, "product_reference": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src" }, "product_reference": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch" }, "product_reference": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src" }, "product_reference": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64 as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64" }, "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le" }, "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x" }, "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64 as a component of nodejs:14:8060020230306170237:ad008a3a as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", "product_id": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" }, "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-35065", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-12-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156324" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "glob-parent: Regular Expression Denial of Service", "title": "Vulnerability summary" }, { "category": "other", "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-35065" }, { "category": "external", "summary": "RHBZ#2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294" } ], "release_date": "2022-12-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T15:04:47+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "glob-parent: Regular Expression Denial of Service" }, { "cve": "CVE-2021-44531", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2022-01-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040839" } ], "notes": [ { "category": "description", "text": "A flaw was found in node.js where it accepted a certificate\u0027s Subject Alternative Names (SAN) entry, as opposed to what is specified by the HTTPS protocol. This flaw allows an active person-in-the-middle to forge a certificate and impersonate a trusted host.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Improper handling of URI Subject Alternative Names", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\" with impact LOW.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44531" }, { "category": "external", "summary": "RHBZ#2040839", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040839" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44531", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44531" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/" } ], "release_date": "2022-01-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T15:04:47+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Improper handling of URI Subject Alternative Names" }, { "cve": "CVE-2021-44532", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2022-01-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040846" } ], "notes": [ { "category": "description", "text": "It was found that node.js did not safely read the x509 certificate generalName format properly, resulting in data injection. A certificate could use a specially crafted extension in order to be successfully validated, permitting an attacker to impersonate a trusted host.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Certificate Verification Bypass via String Injection", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\" with impact LOW.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44532" }, { "category": "external", "summary": "RHBZ#2040846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040846" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44532", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44532" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532" } ], "release_date": "2022-01-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T15:04:47+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Certificate Verification Bypass via String Injection" }, { "cve": "CVE-2021-44533", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2022-01-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040856" } ], "notes": [ { "category": "description", "text": "A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Incorrect handling of certificate subject and issuer fields", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally, there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore, the Quay component is marked as \"Will not fix\" with impact LOW.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44533" }, { "category": "external", "summary": "RHBZ#2040856", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040856" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44533", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44533" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44533", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44533" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/" } ], "release_date": "2022-01-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T15:04:47+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Incorrect handling of certificate subject and issuer fields" }, { "cve": "CVE-2021-44906", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066009" } ], "notes": [ { "category": "description", "text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "minimist: prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44906" }, { "category": "external", "summary": "RHBZ#2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" } ], "release_date": "2022-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T15:04:47+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "minimist: prototype pollution" }, { "cve": "CVE-2022-0235", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2022-01-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044591" } ], "notes": [ { "category": "description", "text": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.", "title": "Vulnerability description" }, { "category": "summary", "text": "node-fetch: exposure of sensitive information to an unauthorized actor", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is out of support scope for dotnet-5.0. For more information about Dotnet product support scope, please see https://access.redhat.com/support/policy/updates/net-core", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0235" }, { "category": "external", "summary": "RHBZ#2044591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0235", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0235" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235" }, { "category": "external", "summary": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/", "url": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/" } ], "release_date": "2022-01-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T15:04:47+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "node-fetch: exposure of sensitive information to an unauthorized actor" }, { "cve": "CVE-2022-3517", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2022-06-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2134609" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-minimatch: ReDoS via the braceExpand function", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3517" }, { "category": "external", "summary": "RHBZ#2134609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3517", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517" } ], "release_date": "2022-02-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T15:04:47+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-minimatch: ReDoS via the braceExpand function" }, { "cve": "CVE-2022-4904", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2023-02-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2168631" } ], "notes": [ { "category": "description", "text": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "c-ares: buffer overflow in config_sortlist() due to missing string length check", "title": "Vulnerability summary" }, { "category": "other", "text": "The severity of this vulnerability is not important but moderate because exploiting the vulnerability can lead to a disruption of the availability of an application, yet doesn\u2019t compromise data integrity or confidentiality. The opportunity for disruption is further limited due to the requirement that an application allows an attacker to be able to input both untrusted and unvalidated data. Exploiting this flaw requires an application to use the library in such a way that would allow untrusted and unvalidated input to be passed directly to ares_set_sortlist by an attacker. In the event that this is able to occur, the impact to RHEL is limited to a crash of the application due to the protections offered by default in RHEL systems such as Stack Smashing Protection (SSP).", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-4904" }, { "category": "external", "summary": "RHBZ#2168631", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4904", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4904" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904" }, { "category": "external", "summary": "https://github.com/c-ares/c-ares/issues/496", "url": "https://github.com/c-ares/c-ares/issues/496" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T15:04:47+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "c-ares: buffer overflow in config_sortlist() due to missing string length check" }, { "cve": "CVE-2022-21824", "cwe": { "id": "CWE-915", "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes" }, "discovery_date": "2022-01-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040862" } ], "notes": [ { "category": "description", "text": "Due to the formatting logic of the \"console.table()\" function it was not safe to allow user controlled input to be passed to the \"properties\" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be \"__proto__\". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js \u003e= 12.22.9, \u003e= 14.18.3, \u003e= 16.13.2, and \u003e= 17.3.1 use a null protoype for the object these properties are being assigned to.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Prototype pollution via console.table properties", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\".", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21824" }, { "category": "external", "summary": "RHBZ#2040862", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040862" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21824", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21824" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21824", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21824" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/" } ], "release_date": "2022-01-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T15:04:47+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs: Prototype pollution via console.table properties" }, { "cve": "CVE-2022-24999", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-12-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2150323" } ], "notes": [ { "category": "description", "text": "A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "express: \"qs\" prototype poisoning causes the hang of the node process", "title": "Vulnerability summary" }, { "category": "other", "text": "- The qs and express Package is not used by the OpenShift Container Platform console directly and is only a third-party package dependency. Hence, it is marked as wontfix. \nAs a result, any services that depend on Openshift for their use of qs and express are marked won\u0027t fix. \n- In OpenShift Service Mesh, \u0027qs\u0027 is hoisted from storybook and node-sass, both are dev dependencies, and the vulnerability is not exposed to end users. Hence marked as wontfix.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24999" }, { "category": "external", "summary": "RHBZ#2150323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24999", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24999" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999" }, { "category": "external", "summary": "https://github.com/expressjs/express/releases/tag/4.17.3", "url": "https://github.com/expressjs/express/releases/tag/4.17.3" }, { "category": "external", "summary": "https://github.com/ljharb/qs/pull/428", "url": "https://github.com/ljharb/qs/pull/428" }, { "category": "external", "summary": "https://github.com/n8tz/CVE-2022-24999", "url": "https://github.com/n8tz/CVE-2022-24999" } ], "release_date": "2022-11-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T15:04:47+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "express: \"qs\" prototype poisoning causes the hang of the node process" }, { "cve": "CVE-2022-25881", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2023-01-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2165824" } ], "notes": [ { "category": "description", "text": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "title": "Vulnerability description" }, { "category": "summary", "text": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25881" }, { "category": "external", "summary": "RHBZ#2165824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25881", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25881" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881" } ], "release_date": "2023-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T15:04:47+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability" }, { "acknowledgments": [ { "names": [ "VVX7" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-35256", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2022-09-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2130518" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in NodeJS due to improper validation of HTTP requests. The llhttp parser in the HTTP module in Node.js does not correctly handle header fields that are not terminated with CLRF. This issue may result in HTTP Request Smuggling. This flaw allows a remote attacker to send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: HTTP Request Smuggling due to incorrect parsing of header fields", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-35256" }, { "category": "external", "summary": "RHBZ#2130518", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130518" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-35256", "url": "https://www.cve.org/CVERecord?id=CVE-2022-35256" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-header-fields-medium-cve-2022-35256", "url": "https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-header-fields-medium-cve-2022-35256" } ], "release_date": "2022-09-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T15:04:47+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: HTTP Request Smuggling due to incorrect parsing of header fields" }, { "cve": "CVE-2022-38900", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-02-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170644" } ], "notes": [ { "category": "description", "text": "A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "decode-uri-component: improper input validation resulting in DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "For OpenShift Container Platform (OCP), Advanced Clusters Management for Kubernetes (ACM) and Advanced Cluster Security (ACS), the NPM decode-uri-component package is only present in source repositories as a development dependency, it is not used in production. Therefore this vulnerability is rated Low for OCP and ACS.\n\nIn Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container bundles many nodejs packages as a build time dependencies, including the decode-uri-component package. \nThe vulnerable code is not used, hence the impact to OpenShift Logging by this vulnerability is Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38900" }, { "category": "external", "summary": "RHBZ#2170644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38900", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900" }, { "category": "external", "summary": "https://github.com/SamVerschueren/decode-uri-component/issues/5", "url": "https://github.com/SamVerschueren/decode-uri-component/issues/5" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-w573-4hg7-7wgq", "url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq" } ], "release_date": "2022-11-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T15:04:47+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "decode-uri-component: improper input validation resulting in DoS" }, { "cve": "CVE-2022-43548", "cwe": { "id": "CWE-350", "name": "Reliance on Reverse DNS Resolution for a Security-Critical Action" }, "discovery_date": "2022-11-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2140911" } ], "notes": [ { "category": "description", "text": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: DNS rebinding in inspect via invalid octal IP address", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-43548" }, { "category": "external", "summary": "RHBZ#2140911", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-43548", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43548" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548", "url": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548" } ], "release_date": "2022-11-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T15:04:47+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: DNS rebinding in inspect via invalid octal IP address" }, { "cve": "CVE-2023-23918", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2023-02-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2171935" } ], "notes": [ { "category": "description", "text": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "title": "Vulnerability description" }, { "category": "summary", "text": "Node.js: Permissions policies can be bypassed via process.mainModule", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-23918" }, { "category": "external", "summary": "RHBZ#2171935", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23918", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23918" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918" } ], "release_date": "2023-02-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T15:04:47+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Node.js: Permissions policies can be bypassed via process.mainModule" }, { "cve": "CVE-2023-23920", "cwe": { "id": "CWE-426", "name": "Untrusted Search Path" }, "discovery_date": "2023-02-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2172217" } ], "notes": [ { "category": "description", "text": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "title": "Vulnerability description" }, { "category": "summary", "text": "Node.js: insecure loading of ICU data through ICU_DATA environment variable", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-23920" }, { "category": "external", "summary": "RHBZ#2172217", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23920", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23920" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920" } ], "release_date": "2023-02-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T15:04:47+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x", "AppStream-8.6.0.Z.EUS:nodejs:14:8060020230306170237:ad008a3a:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Node.js: insecure loading of ICU data through ICU_DATA environment variable" } ] }
rhsa-2023_1744
Vulnerability from csaf_redhat
Published
2023-04-12 15:10
Modified
2024-11-15 17:13
Summary
Red Hat Security Advisory: rh-nodejs14-nodejs security, bug fix, and enhancement update
Notes
Topic
An update for rh-nodejs14-nodejs is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: rh-nodejs14-nodejs (14.21.3).
Security Fix(es):
* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)
* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)
* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)
* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)
* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for rh-nodejs14-nodejs is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: rh-nodejs14-nodejs (14.21.3).\n\nSecurity Fix(es):\n\n* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)\n\n* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)\n\n* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)\n\n* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)\n\n* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:1744", "url": "https://access.redhat.com/errata/RHSA-2023:1744" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2153715", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153715" }, { "category": "external", "summary": "2165824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824" }, { "category": "external", "summary": "2168631", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631" }, { "category": "external", "summary": "2170644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644" }, { "category": "external", "summary": "2171935", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935" }, { "category": "external", "summary": "2172217", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1744.json" } ], "title": "Red Hat Security Advisory: rh-nodejs14-nodejs security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-11-15T17:13:02+00:00", "generator": { "date": "2024-11-15T17:13:02+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2023:1744", "initial_release_date": "2023-04-12T15:10:50+00:00", "revision_history": [ { "date": "2023-04-12T15:10:50+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-04-12T15:10:50+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T17:13:02+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Software Collections for RHEL Workstation(v. 7)", "product": { "name": "Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for RHEL(v. 7)", "product": { "name": "Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } } ], "category": "product_family", "name": "Red Hat Software Collections" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs14-0:3.6-2.el7.src", "product": { "name": "rh-nodejs14-0:3.6-2.el7.src", "product_id": "rh-nodejs14-0:3.6-2.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14@3.6-2.el7?arch=src" } } }, { "category": "product_version", "name": "rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "product": { "name": "rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "product_id": "rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs@14.21.3-2.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs14-0:3.6-2.el7.x86_64", "product": { "name": "rh-nodejs14-0:3.6-2.el7.x86_64", "product_id": "rh-nodejs14-0:3.6-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14@3.6-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "product": { "name": "rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "product_id": "rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-runtime@3.6-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs14-scldevel-0:3.6-2.el7.x86_64", "product": { "name": "rh-nodejs14-scldevel-0:3.6-2.el7.x86_64", "product_id": "rh-nodejs14-scldevel-0:3.6-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-scldevel@3.6-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "product": { "name": "rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "product_id": "rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs@14.21.3-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "product": { "name": "rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "product_id": "rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-devel@14.21.3-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "product": { "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "product_id": "rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-full-i18n@14.21.3-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "product": { "name": "rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "product_id": "rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-npm@6.14.18-14.21.3.2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "product": { "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "product_id": "rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-debuginfo@14.21.3-2.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs14-0:3.6-2.el7.s390x", "product": { "name": "rh-nodejs14-0:3.6-2.el7.s390x", "product_id": "rh-nodejs14-0:3.6-2.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14@3.6-2.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs14-runtime-0:3.6-2.el7.s390x", "product": { "name": "rh-nodejs14-runtime-0:3.6-2.el7.s390x", "product_id": "rh-nodejs14-runtime-0:3.6-2.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-runtime@3.6-2.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "product": { "name": "rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "product_id": "rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-scldevel@3.6-2.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "product": { "name": "rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "product_id": "rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs@14.21.3-2.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "product": { "name": "rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "product_id": "rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-devel@14.21.3-2.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "product": { "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "product_id": "rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-full-i18n@14.21.3-2.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "product": { "name": "rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "product_id": "rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-npm@6.14.18-14.21.3.2.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "product": { "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "product_id": "rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-debuginfo@14.21.3-2.el7?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs14-0:3.6-2.el7.ppc64le", "product": { "name": "rh-nodejs14-0:3.6-2.el7.ppc64le", "product_id": "rh-nodejs14-0:3.6-2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14@3.6-2.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "product": { "name": "rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "product_id": "rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-runtime@3.6-2.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "product": { "name": "rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "product_id": "rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-scldevel@3.6-2.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "product": { "name": "rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "product_id": "rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs@14.21.3-2.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "product": { "name": "rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "product_id": "rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-devel@14.21.3-2.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "product": { "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "product_id": "rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-full-i18n@14.21.3-2.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "product": { "name": "rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "product_id": "rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-npm@6.14.18-14.21.3.2.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "product": { "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "product_id": "rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-debuginfo@14.21.3-2.el7?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "product": { "name": "rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "product_id": "rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs14-nodejs-docs@14.21.3-2.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-0:3.6-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le" }, "product_reference": "rh-nodejs14-0:3.6-2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-0:3.6-2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x" }, "product_reference": "rh-nodejs14-0:3.6-2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-0:3.6-2.el7.src as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src" }, "product_reference": "rh-nodejs14-0:3.6-2.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-0:3.6-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64" }, "product_reference": "rh-nodejs14-0:3.6-2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le" }, "product_reference": "rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x" }, "product_reference": "rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-0:14.21.3-2.el7.src as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src" }, "product_reference": "rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64" }, "product_reference": "rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le" }, "product_reference": "rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x" }, "product_reference": "rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64" }, "product_reference": "rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le" }, "product_reference": "rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x" }, "product_reference": "rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64" }, "product_reference": "rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch" }, "product_reference": "rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le" }, "product_reference": "rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x" }, "product_reference": "rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64" }, "product_reference": "rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le" }, "product_reference": "rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x" }, "product_reference": "rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64" }, "product_reference": "rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-runtime-0:3.6-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le" }, "product_reference": "rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-runtime-0:3.6-2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x" }, "product_reference": "rh-nodejs14-runtime-0:3.6-2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-runtime-0:3.6-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64" }, "product_reference": "rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le" }, "product_reference": "rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-scldevel-0:3.6-2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x" }, "product_reference": "rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-scldevel-0:3.6-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64" }, "product_reference": "rh-nodejs14-scldevel-0:3.6-2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-0:3.6-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le" }, "product_reference": "rh-nodejs14-0:3.6-2.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-0:3.6-2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x" }, "product_reference": "rh-nodejs14-0:3.6-2.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-0:3.6-2.el7.src as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src" }, "product_reference": "rh-nodejs14-0:3.6-2.el7.src", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-0:3.6-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64" }, "product_reference": "rh-nodejs14-0:3.6-2.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le" }, "product_reference": "rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x" }, "product_reference": "rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-0:14.21.3-2.el7.src as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src" }, "product_reference": "rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64" }, "product_reference": "rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le" }, "product_reference": "rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x" }, "product_reference": "rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64" }, "product_reference": "rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le" }, "product_reference": "rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x" }, "product_reference": "rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64" }, "product_reference": "rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch" }, "product_reference": "rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le" }, "product_reference": "rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x" }, "product_reference": "rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64" }, "product_reference": "rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le" }, "product_reference": "rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x" }, "product_reference": "rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64" }, "product_reference": "rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-runtime-0:3.6-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le" }, "product_reference": "rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-runtime-0:3.6-2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x" }, "product_reference": "rh-nodejs14-runtime-0:3.6-2.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-runtime-0:3.6-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64" }, "product_reference": "rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le" }, "product_reference": "rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-scldevel-0:3.6-2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x" }, "product_reference": "rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs14-scldevel-0:3.6-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64" }, "product_reference": "rh-nodejs14-scldevel-0:3.6-2.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-4904", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2023-02-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2168631" } ], "notes": [ { "category": "description", "text": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "c-ares: buffer overflow in config_sortlist() due to missing string length check", "title": "Vulnerability summary" }, { "category": "other", "text": "The severity of this vulnerability is not important but moderate because exploiting the vulnerability can lead to a disruption of the availability of an application, yet doesn\u2019t compromise data integrity or confidentiality. The opportunity for disruption is further limited due to the requirement that an application allows an attacker to be able to input both untrusted and unvalidated data. Exploiting this flaw requires an application to use the library in such a way that would allow untrusted and unvalidated input to be passed directly to ares_set_sortlist by an attacker. In the event that this is able to occur, the impact to RHEL is limited to a crash of the application due to the protections offered by default in RHEL systems such as Stack Smashing Protection (SSP).", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-4904" }, { "category": "external", "summary": "RHBZ#2168631", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4904", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4904" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904" }, { "category": "external", "summary": "https://github.com/c-ares/c-ares/issues/496", "url": "https://github.com/c-ares/c-ares/issues/496" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T15:10:50+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1744" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "c-ares: buffer overflow in config_sortlist() due to missing string length check" }, { "cve": "CVE-2022-25881", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2023-01-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2165824" } ], "notes": [ { "category": "description", "text": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "title": "Vulnerability description" }, { "category": "summary", "text": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25881" }, { "category": "external", "summary": "RHBZ#2165824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25881", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25881" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881" } ], "release_date": "2023-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T15:10:50+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1744" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability" }, { "cve": "CVE-2022-38900", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-02-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170644" } ], "notes": [ { "category": "description", "text": "A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "decode-uri-component: improper input validation resulting in DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "For OpenShift Container Platform (OCP), Advanced Clusters Management for Kubernetes (ACM) and Advanced Cluster Security (ACS), the NPM decode-uri-component package is only present in source repositories as a development dependency, it is not used in production. Therefore this vulnerability is rated Low for OCP and ACS.\n\nIn Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container bundles many nodejs packages as a build time dependencies, including the decode-uri-component package. \nThe vulnerable code is not used, hence the impact to OpenShift Logging by this vulnerability is Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38900" }, { "category": "external", "summary": "RHBZ#2170644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38900", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900" }, { "category": "external", "summary": "https://github.com/SamVerschueren/decode-uri-component/issues/5", "url": "https://github.com/SamVerschueren/decode-uri-component/issues/5" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-w573-4hg7-7wgq", "url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq" } ], "release_date": "2022-11-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T15:10:50+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1744" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "decode-uri-component: improper input validation resulting in DoS" }, { "cve": "CVE-2023-23918", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2023-02-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2171935" } ], "notes": [ { "category": "description", "text": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "title": "Vulnerability description" }, { "category": "summary", "text": "Node.js: Permissions policies can be bypassed via process.mainModule", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-23918" }, { "category": "external", "summary": "RHBZ#2171935", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23918", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23918" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918" } ], "release_date": "2023-02-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T15:10:50+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1744" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Node.js: Permissions policies can be bypassed via process.mainModule" }, { "cve": "CVE-2023-23920", "cwe": { "id": "CWE-426", "name": "Untrusted Search Path" }, "discovery_date": "2023-02-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2172217" } ], "notes": [ { "category": "description", "text": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "title": "Vulnerability description" }, { "category": "summary", "text": "Node.js: insecure loading of ICU data through ICU_DATA environment variable", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-23920" }, { "category": "external", "summary": "RHBZ#2172217", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23920", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23920" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920" } ], "release_date": "2023-02-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T15:10:50+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1744" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "7Server-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.src", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-debuginfo-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-devel-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-docs-0:14.21.3-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-nodejs-full-i18n-0:14.21.3-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-npm-0:6.14.18-14.21.3.2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-runtime-0:3.6-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-nodejs14-scldevel-0:3.6-2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Node.js: insecure loading of ICU data through ICU_DATA environment variable" } ] }
rhsa-2023_3742
Vulnerability from csaf_redhat
Published
2023-06-21 15:22
Modified
2024-11-14 00:04
Summary
Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update
Notes
Topic
Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.
Security Fix(es):
* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be (CVE-2021-4238)
* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)
* vault: Hashicorp Vault AWS IAM Integration Authentication Bypass (CVE-2020-16250)
* vault: GCP Auth Method Allows Authentication Bypass (CVE-2020-16251)
* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)
* go-yaml: Denial of Service in go-yaml (CVE-2021-4235)
* vault: incorrect policy enforcement (CVE-2021-43998)
* nodejs: Improper handling of URI Subject Alternative Names (CVE-2021-44531)
* nodejs: Certificate Verification Bypass via String Injection (CVE-2021-44532)
* nodejs: Incorrect handling of certificate subject and issuer fields (CVE-2021-44533)
* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)
* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)
* jsonwebtoken: Insecure default algorithm in jwt.verify() could lead to signature validation bypass (CVE-2022-23540)
* jsonwebtoken: Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC (CVE-2022-23541)
* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)
* consul: Consul Template May Expose Vault Secrets When Processing Invalid Input (CVE-2022-38149)
* vault: insufficient certificate revocation list checking (CVE-2022-41316)
* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
* golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)
* golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)
* golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)
* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)
* vault: Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File (CVE-2023-0620)
* hashicorp/vault: Vault’s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata (CVE-2023-0665)
* Hashicorp/vault: Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation (CVE-2023-24999)
* hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations (CVE-2023-25000)
* validator: Inefficient Regular Expression Complexity in Validator.js (CVE-2021-3765)
* nodejs: Prototype pollution via console.table properties (CVE-2022-21824)
* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.\n\nSecurity Fix(es):\n\n* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be (CVE-2021-4238)\n\n* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)\n\n* vault: Hashicorp Vault AWS IAM Integration Authentication Bypass (CVE-2020-16250)\n\n* vault: GCP Auth Method Allows Authentication Bypass (CVE-2020-16251)\n\n* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)\n\n* go-yaml: Denial of Service in go-yaml (CVE-2021-4235)\n\n* vault: incorrect policy enforcement (CVE-2021-43998)\n\n* nodejs: Improper handling of URI Subject Alternative Names (CVE-2021-44531)\n\n* nodejs: Certificate Verification Bypass via String Injection (CVE-2021-44532)\n\n* nodejs: Incorrect handling of certificate subject and issuer fields (CVE-2021-44533)\n\n* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)\n\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n\n* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)\n\n* jsonwebtoken: Insecure default algorithm in jwt.verify() could lead to signature validation bypass (CVE-2022-23540)\n\n* jsonwebtoken: Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC (CVE-2022-23541)\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)\n\n* consul: Consul Template May Expose Vault Secrets When Processing Invalid Input (CVE-2022-38149)\n\n* vault: insufficient certificate revocation list checking (CVE-2022-41316)\n\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n\n* golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\n* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)\n\n* golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)\n\n* golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)\n\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n\n* vault: Vault\u2019s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File (CVE-2023-0620)\n\n* hashicorp/vault: Vault\u2019s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata (CVE-2023-0665)\n\n* Hashicorp/vault: Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation (CVE-2023-24999)\n\n* hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations (CVE-2023-25000)\n\n* validator: Inefficient Regular Expression Complexity in Validator.js (CVE-2021-3765)\n\n* nodejs: Prototype pollution via console.table properties (CVE-2022-21824)\n\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:3742", "url": "https://access.redhat.com/errata/RHSA-2023:3742" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index" }, { "category": "external", "summary": "1786696", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1786696" }, { "category": "external", "summary": "1855339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855339" }, { "category": "external", "summary": "1943137", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943137" }, { "category": "external", "summary": "1944687", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944687" }, { "category": "external", "summary": "1989088", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989088" }, { "category": "external", "summary": "2005040", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005040" }, { "category": "external", "summary": "2005830", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005830" }, { "category": "external", "summary": "2007557", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007557" }, { "category": "external", "summary": "2028193", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028193" }, { "category": "external", "summary": "2040839", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040839" }, { "category": "external", "summary": "2040846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040846" }, { "category": "external", "summary": "2040856", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040856" }, { "category": "external", "summary": "2040862", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040862" }, { "category": "external", "summary": "2042914", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042914" }, { "category": "external", "summary": "2052252", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052252" }, { "category": "external", "summary": "2101497", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101497" }, { "category": "external", "summary": "2101916", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101916" }, { "category": "external", "summary": "2102304", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102304" }, { "category": "external", "summary": "2104148", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104148" }, { "category": "external", "summary": "2107388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388" }, { "category": "external", "summary": "2113814", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814" }, { "category": "external", "summary": "2115020", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115020" }, { "category": "external", "summary": "2115616", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115616" }, { "category": "external", "summary": "2119551", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119551" }, { "category": "external", "summary": "2120098", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120098" }, { "category": "external", "summary": "2120944", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120944" }, { "category": "external", "summary": "2124668", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668" }, { "category": "external", "summary": "2124669", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669" }, { "category": "external", "summary": "2126299", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126299" }, { "category": "external", "summary": "2132867", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867" }, { "category": "external", "summary": "2132868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868" }, { "category": "external", "summary": "2132872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872" }, { "category": "external", "summary": "2134609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609" }, { "category": "external", "summary": "2135339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135339" }, { "category": "external", "summary": "2139037", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139037" }, { "category": "external", "summary": "2141095", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141095" }, { "category": "external", "summary": "2142651", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142651" }, { "category": "external", "summary": "2142894", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142894" }, { "category": "external", "summary": "2142941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142941" }, { "category": "external", "summary": "2143944", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143944" }, { "category": "external", "summary": "2144256", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144256" }, { "category": "external", "summary": "2151903", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151903" }, { "category": "external", "summary": "2152143", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152143" }, { "category": "external", "summary": "2154250", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154250" }, { "category": "external", "summary": "2155507", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155507" }, { "category": "external", "summary": "2155743", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155743" }, { "category": "external", "summary": "2156067", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156067" }, { "category": "external", "summary": "2156069", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156069" }, { "category": "external", "summary": "2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "2156519", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156519" }, { "category": "external", "summary": "2156727", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156727" }, { "category": "external", "summary": "2156729", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156729" }, { "category": "external", "summary": "2157876", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2157876" }, { "category": "external", "summary": "2158922", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158922" }, { "category": "external", "summary": "2159676", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159676" }, { "category": "external", "summary": "2161274", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274" }, { "category": "external", "summary": "2161879", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161879" }, { "category": "external", "summary": "2161937", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161937" }, { "category": "external", "summary": "2162257", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162257" }, { "category": "external", "summary": "2164617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164617" }, { "category": "external", "summary": "2165495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165495" }, { "category": "external", "summary": "2165504", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165504" }, { "category": "external", "summary": "2165929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165929" }, { "category": "external", "summary": "2165938", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165938" }, { "category": "external", "summary": "2165984", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165984" }, { "category": "external", "summary": "2166222", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166222" }, { "category": "external", "summary": "2166234", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166234" }, { "category": "external", "summary": "2166869", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166869" }, { "category": "external", "summary": "2167299", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167299" }, { "category": "external", "summary": "2167308", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167308" }, { "category": "external", "summary": "2167337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167337" }, { "category": "external", "summary": "2167340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167340" }, { "category": "external", "summary": "2167946", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167946" }, { "category": "external", "summary": "2168113", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168113" }, { "category": "external", "summary": "2168635", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168635" }, { "category": "external", "summary": "2168840", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168840" }, { "category": "external", "summary": "2168849", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168849" }, { "category": "external", "summary": "2169375", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169375" }, { "category": "external", "summary": "2169378", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169378" }, { "category": "external", "summary": "2169779", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169779" }, { "category": "external", "summary": "2170644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644" }, { "category": "external", "summary": "2170673", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170673" }, { "category": "external", "summary": "2172089", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172089" }, { "category": "external", "summary": "2172365", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172365" }, { "category": "external", "summary": "2172521", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172521" }, { "category": "external", "summary": "2173161", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173161" }, { "category": "external", "summary": "2173528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173528" }, { "category": "external", "summary": "2173534", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173534" }, { "category": "external", "summary": "2173926", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173926" }, { "category": "external", "summary": "2175612", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175612" }, { "category": "external", "summary": "2175685", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175685" }, { "category": "external", "summary": "2175714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175714" }, { "category": "external", "summary": "2175867", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175867" }, { "category": "external", "summary": "2176080", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176080" }, { "category": "external", "summary": "2176456", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176456" }, { "category": "external", "summary": "2176739", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176739" }, { "category": "external", "summary": "2176776", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176776" }, { "category": "external", "summary": "2176798", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176798" }, { "category": "external", "summary": "2176809", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176809" }, { "category": "external", "summary": "2177134", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177134" }, { "category": "external", "summary": "2177221", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177221" }, { "category": "external", "summary": "2177325", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177325" }, { "category": "external", "summary": "2177695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177695" }, { "category": "external", "summary": "2177844", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177844" }, { "category": "external", "summary": "2178033", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178033" }, { "category": "external", "summary": "2178358", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178358" }, { "category": "external", "summary": "2178488", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178488" }, { "category": "external", "summary": "2178492", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492" }, { "category": "external", "summary": "2178588", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178588" }, { "category": "external", "summary": "2178619", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178619" }, { "category": "external", "summary": "2178682", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178682" }, { "category": "external", "summary": "2179133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179133" }, { "category": "external", "summary": "2179337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179337" }, { "category": "external", "summary": "2179403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179403" }, { "category": "external", "summary": "2179846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179846" }, { "category": "external", "summary": "2179860", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179860" }, { "category": "external", "summary": "2179976", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179976" }, { "category": "external", "summary": "2179981", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179981" }, { "category": "external", "summary": "2179997", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179997" }, { "category": "external", "summary": "2180211", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180211" }, { "category": "external", "summary": "2180397", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180397" }, { "category": "external", "summary": "2180440", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180440" }, { "category": "external", "summary": "2180921", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180921" }, { "category": "external", "summary": "2181112", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181112" }, { "category": "external", "summary": "2181133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181133" }, { "category": "external", "summary": "2181446", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181446" }, { "category": "external", "summary": "2181535", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181535" }, { "category": "external", "summary": "2181551", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181551" }, { "category": "external", "summary": "2181832", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181832" }, { "category": "external", "summary": "2181949", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181949" }, { "category": "external", "summary": "2182041", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182041" }, { "category": "external", "summary": "2182296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182296" }, { "category": "external", "summary": "2182375", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182375" }, { "category": "external", "summary": "2182644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182644" }, { "category": "external", "summary": "2182664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182664" }, { "category": "external", "summary": "2182703", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182703" }, { "category": "external", "summary": "2182972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182972" }, { "category": "external", "summary": "2182981", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182981" }, { "category": "external", "summary": "2183155", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2183155" }, { "category": "external", "summary": "2183196", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2183196" }, { "category": "external", "summary": "2183266", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2183266" }, { "category": "external", "summary": "2183457", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2183457" }, { "category": "external", "summary": "2183478", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2183478" }, { "category": "external", "summary": "2183520", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2183520" }, { "category": "external", "summary": "2184068", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184068" }, { "category": "external", "summary": "2184605", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184605" }, { "category": "external", "summary": "2184663", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184663" }, { "category": "external", "summary": "2184769", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184769" }, { "category": "external", "summary": "2184773", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184773" }, { "category": "external", "summary": "2184892", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184892" }, { "category": "external", "summary": "2184984", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184984" }, { "category": "external", "summary": "2185164", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185164" }, { "category": "external", "summary": "2185188", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185188" }, { "category": "external", "summary": "2185757", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185757" }, { "category": "external", "summary": "2185871", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185871" }, { "category": "external", "summary": "2186171", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186171" }, { "category": "external", "summary": "2186225", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186225" }, { "category": "external", "summary": "2186475", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186475" }, { "category": "external", "summary": "2186752", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186752" }, { "category": "external", "summary": "2187251", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187251" }, { "category": "external", "summary": "2187296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187296" }, { "category": "external", "summary": "2187736", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187736" }, { "category": "external", "summary": "2187952", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187952" }, { "category": "external", "summary": "2187969", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187969" }, { "category": "external", "summary": "2187986", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187986" }, { "category": "external", "summary": "2188053", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188053" }, { "category": "external", "summary": "2188238", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188238" }, { "category": "external", "summary": "2188303", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188303" }, { "category": "external", "summary": "2188427", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188427" }, { "category": "external", "summary": "2188666", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188666" }, { "category": "external", "summary": "2189483", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189483" }, { "category": "external", "summary": "2189929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189929" }, { "category": "external", "summary": "2189982", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189982" }, { "category": "external", "summary": "2189984", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189984" }, { "category": "external", "summary": "2190129", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2190129" }, { "category": "external", "summary": "2190241", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2190241" }, { "category": "external", "summary": "2192088", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2192088" }, { "category": "external", "summary": "2192670", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2192670" }, { "category": "external", "summary": "2192824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2192824" }, { "category": "external", "summary": "2192875", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2192875" }, { "category": "external", "summary": "2193114", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2193114" }, { "category": "external", "summary": "2193220", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2193220" }, { "category": "external", "summary": "2196176", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196176" }, { "category": "external", "summary": "2196236", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196236" }, { "category": "external", "summary": "2196298", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196298" }, { "category": "external", "summary": "2203795", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203795" }, { "category": "external", "summary": "2208029", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2208029" }, { "category": "external", "summary": "2208079", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2208079" }, { "category": "external", "summary": "2208269", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2208269" }, { "category": "external", "summary": "2208558", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2208558" }, { "category": "external", "summary": "2208962", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2208962" }, { "category": "external", "summary": "2209364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209364" }, { "category": "external", "summary": "2209643", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209643" }, { "category": "external", "summary": "2209695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209695" }, { "category": "external", "summary": "2210964", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210964" }, { "category": "external", "summary": "2211334", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211334" }, { "category": "external", "summary": "2211343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211343" }, { "category": "external", "summary": "2211704", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211704" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3742.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update", "tracking": { "current_release_date": "2024-11-14T00:04:11+00:00", "generator": { "date": "2024-11-14T00:04:11+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2023:3742", "initial_release_date": "2023-06-21T15:22:11+00:00", "revision_history": [ { "date": "2023-06-21T15:22:11+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-06-22T19:51:30+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T00:04:11+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHODF 4.13 for RHEL 9", "product": { "name": "RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_data_foundation:4.13::el9" } } } ], "category": "product_family", "name": "Red Hat OpenShift Data Foundation" }, { "branches": [ { "category": "product_version", "name": "odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "product": { "name": "odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "product_id": "odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "product_identification_helper": { "purl": "pkg:oci/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed?arch=amd64\u0026repository_url=registry.redhat.io/odf4/cephcsi-rhel9\u0026tag=v4.13.0-35" } } }, { "category": "product_version", "name": "odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "product": { "name": "odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "product_id": "odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "product_identification_helper": { "purl": "pkg:oci/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-cli-rhel9\u0026tag=v4.13.0-17" } } }, { "category": "product_version", "name": "odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "product": { "name": "odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "product_id": "odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "product_identification_helper": { "purl": "pkg:oci/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel9\u0026tag=v4.13.0-41" } } }, { "category": "product_version", "name": "odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "product": { "name": "odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "product_id": "odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "product_identification_helper": { "purl": "pkg:oci/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "product": { "name": "odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "product_id": "odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "product_identification_helper": { "purl": "pkg:oci/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-rhel9-operator\u0026tag=v4.13.0-41" } } }, { "category": "product_version", "name": "odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "product": { "name": "odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "product_id": "odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "product_identification_helper": { "purl": "pkg:oci/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-client-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "product": { "name": "odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "product_id": "odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "product_identification_helper": { "purl": "pkg:oci/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-client-rhel9-operator\u0026tag=v4.13.0-17" } } }, { "category": "product_version", "name": "odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "product": { "name": "odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "product_id": "odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "product_identification_helper": { "purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel9\u0026tag=v4.13.0-78" } } }, { "category": "product_version", "name": "odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "product": { "name": "odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "product_id": "odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "product_identification_helper": { "purl": "pkg:oci/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "product": { "name": "odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "product_id": "odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "product_identification_helper": { "purl": "pkg:oci/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-rhel9-operator\u0026tag=v4.13.0-67" } } }, { "category": "product_version", "name": "odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "product": { "name": "odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "product_id": "odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-console-rhel9\u0026tag=v4.13.0-85" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "product": { "name": "odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "product_id": "odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "product": { "name": "odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "product_id": "odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel9-operator\u0026tag=v4.13.0-18" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "product": { "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "product_id": "odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9\u0026tag=v4.13.0-18" } } }, { "category": "product_version", "name": "odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "product": { "name": "odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "product_id": "odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel9\u0026tag=v4.13.0-81" } } }, { "category": "product_version", "name": "odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "product": { "name": "odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "product_id": "odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "product": { "name": "odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "product_id": "odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel9-operator\u0026tag=v4.13.0-18" } } }, { "category": "product_version", "name": "odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "product": { "name": "odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "product_id": "odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-must-gather-rhel9\u0026tag=v4.13.0-35" } } }, { "category": "product_version", "name": "odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "product": { "name": "odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "product_id": "odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "product": { "name": "odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "product_id": "odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-rhel9-operator\u0026tag=v4.13.0-24" } } }, { "category": "product_version", "name": "odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "product": { "name": "odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "product_id": "odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "product_identification_helper": { "purl": "pkg:oci/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "product": { "name": "odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "product_id": "odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "product_identification_helper": { "purl": "pkg:oci/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle\u0026tag=v4.13.0-217" } } }, { "category": "product_version", "name": "odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "product": { "name": "odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "product_id": "odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "product_identification_helper": { "purl": "pkg:oci/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odr-rhel9-operator\u0026tag=v4.13.0-33" } } }, { "category": "product_version", "name": "odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "product": { "name": "odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "product_id": "odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "product_identification_helper": { "purl": "pkg:oci/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266?arch=amd64\u0026repository_url=registry.redhat.io/odf4/rook-ceph-rhel9-operator\u0026tag=v4.13.0-70" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "product": { "name": "odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "product_id": "odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "product_identification_helper": { "purl": "pkg:oci/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/cephcsi-rhel9\u0026tag=v4.13.0-35" } } }, { "category": "product_version", "name": "odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "product": { "name": "odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "product_id": "odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-cli-rhel9\u0026tag=v4.13.0-17" } } }, { "category": "product_version", "name": "odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "product": { "name": "odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "product_id": "odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel9\u0026tag=v4.13.0-41" } } }, { "category": "product_version", "name": "odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "product": { "name": "odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "product_id": "odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "product_identification_helper": { "purl": "pkg:oci/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "product": { "name": "odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "product_id": "odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "product_identification_helper": { "purl": "pkg:oci/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-rhel9-operator\u0026tag=v4.13.0-41" } } }, { "category": "product_version", "name": "odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "product": { "name": "odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "product_id": "odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-client-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "product": { "name": "odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "product_id": "odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-client-rhel9-operator\u0026tag=v4.13.0-17" } } }, { "category": "product_version", "name": "odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "product": { "name": "odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "product_id": "odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel9\u0026tag=v4.13.0-78" } } }, { "category": "product_version", "name": "odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "product": { "name": "odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "product_id": "odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "product": { "name": "odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "product_id": "odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-rhel9-operator\u0026tag=v4.13.0-67" } } }, { "category": "product_version", "name": "odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "product": { "name": "odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "product_id": "odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-console-rhel9\u0026tag=v4.13.0-85" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "product": { "name": "odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "product_id": "odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "product": { "name": "odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "product_id": "odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel9-operator\u0026tag=v4.13.0-18" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "product": { "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "product_id": "odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9\u0026tag=v4.13.0-18" } } }, { "category": "product_version", "name": "odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "product": { "name": "odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "product_id": "odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel9\u0026tag=v4.13.0-81" } } }, { "category": "product_version", "name": "odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "product": { "name": "odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "product_id": "odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "product": { "name": "odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "product_id": "odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel9-operator\u0026tag=v4.13.0-18" } } }, { "category": "product_version", "name": "odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "product": { "name": "odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "product_id": "odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-must-gather-rhel9\u0026tag=v4.13.0-35" } } }, { "category": "product_version", "name": "odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "product": { "name": "odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "product_id": "odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "product": { "name": "odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "product_id": "odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-rhel9-operator\u0026tag=v4.13.0-24" } } }, { "category": "product_version", "name": "odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "product": { "name": "odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "product_id": "odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "product": { "name": "odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "product_id": "odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle\u0026tag=v4.13.0-217" } } }, { "category": "product_version", "name": "odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "product": { "name": "odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "product_id": "odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odr-rhel9-operator\u0026tag=v4.13.0-33" } } }, { "category": "product_version", "name": "odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le", "product": { "name": "odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le", "product_id": "odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le", "product_identification_helper": { "purl": "pkg:oci/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/rook-ceph-rhel9-operator\u0026tag=v4.13.0-70" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "product": { "name": "odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "product_id": "odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "product_identification_helper": { "purl": "pkg:oci/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749?arch=s390x\u0026repository_url=registry.redhat.io/odf4/cephcsi-rhel9\u0026tag=v4.13.0-35" } } }, { "category": "product_version", "name": "odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "product": { "name": "odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "product_id": "odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "product_identification_helper": { "purl": "pkg:oci/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-cli-rhel9\u0026tag=v4.13.0-17" } } }, { "category": "product_version", "name": "odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "product": { "name": "odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "product_id": "odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "product_identification_helper": { "purl": "pkg:oci/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel9\u0026tag=v4.13.0-41" } } }, { "category": "product_version", "name": "odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "product": { "name": "odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "product_id": "odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "product_identification_helper": { "purl": "pkg:oci/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "product": { "name": "odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "product_id": "odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "product_identification_helper": { "purl": "pkg:oci/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-rhel9-operator\u0026tag=v4.13.0-41" } } }, { "category": "product_version", "name": "odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "product": { "name": "odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "product_id": "odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "product_identification_helper": { "purl": "pkg:oci/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-client-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "product": { "name": "odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "product_id": "odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "product_identification_helper": { "purl": "pkg:oci/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-client-rhel9-operator\u0026tag=v4.13.0-17" } } }, { "category": "product_version", "name": "odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "product": { "name": "odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "product_id": "odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "product_identification_helper": { "purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel9\u0026tag=v4.13.0-78" } } }, { "category": "product_version", "name": "odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "product": { "name": "odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "product_id": "odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "product_identification_helper": { "purl": "pkg:oci/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "product": { "name": "odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "product_id": "odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "product_identification_helper": { "purl": "pkg:oci/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-rhel9-operator\u0026tag=v4.13.0-67" } } }, { "category": "product_version", "name": "odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "product": { "name": "odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "product_id": "odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-console-rhel9\u0026tag=v4.13.0-85" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "product": { "name": "odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "product_id": "odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "product": { "name": "odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "product_id": "odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel9-operator\u0026tag=v4.13.0-18" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "product": { "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "product_id": "odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9\u0026tag=v4.13.0-18" } } }, { "category": "product_version", "name": "odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "product": { "name": "odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "product_id": "odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel9\u0026tag=v4.13.0-81" } } }, { "category": "product_version", "name": "odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "product": { "name": "odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "product_id": "odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "product": { "name": "odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "product_id": "odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel9-operator\u0026tag=v4.13.0-18" } } }, { "category": "product_version", "name": "odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "product": { "name": "odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "product_id": "odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-must-gather-rhel9\u0026tag=v4.13.0-35" } } }, { "category": "product_version", "name": "odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "product": { "name": "odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "product_id": "odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "product": { "name": "odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "product_id": "odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "product_identification_helper": { "purl": "pkg:oci/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-rhel9-operator\u0026tag=v4.13.0-24" } } }, { "category": "product_version", "name": "odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "product": { "name": "odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "product_id": "odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "product_identification_helper": { "purl": "pkg:oci/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle\u0026tag=v4.13.0-218" } } }, { "category": "product_version", "name": "odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "product": { "name": "odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "product_id": "odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "product_identification_helper": { "purl": "pkg:oci/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle\u0026tag=v4.13.0-217" } } }, { "category": "product_version", "name": "odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "product": { "name": "odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "product_id": "odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "product_identification_helper": { "purl": "pkg:oci/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odr-rhel9-operator\u0026tag=v4.13.0-33" } } }, { "category": "product_version", "name": "odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "product": { "name": "odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "product_id": "odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "product_identification_helper": { "purl": "pkg:oci/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f?arch=s390x\u0026repository_url=registry.redhat.io/odf4/rook-ceph-rhel9-operator\u0026tag=v4.13.0-70" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "product": { "name": "odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "product_id": "odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "product_identification_helper": { "purl": "pkg:oci/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549?arch=arm64\u0026repository_url=registry.redhat.io/odf4/mcg-cli-rhel9\u0026tag=v4.13.0-17" } } }, { "category": "product_version", "name": "odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "product": { "name": "odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "product_id": "odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "product_identification_helper": { "purl": "pkg:oci/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0?arch=arm64\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel9\u0026tag=v4.13.0-41" } } }, { "category": "product_version", "name": "odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "product": { "name": "odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "product_id": "odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "product_identification_helper": { "purl": "pkg:oci/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac?arch=arm64\u0026repository_url=registry.redhat.io/odf4/mcg-rhel9-operator\u0026tag=v4.13.0-41" } } }, { "category": "product_version", "name": "odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "product": { "name": "odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "product_id": "odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "product_identification_helper": { "purl": "pkg:oci/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990?arch=arm64\u0026repository_url=registry.redhat.io/odf4/ocs-client-rhel9-operator\u0026tag=v4.13.0-17" } } }, { "category": "product_version", "name": "odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "product": { "name": "odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "product_id": "odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "product_identification_helper": { "purl": "pkg:oci/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d?arch=arm64\u0026repository_url=registry.redhat.io/odf4/ocs-rhel9-operator\u0026tag=v4.13.0-67" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "product": { "name": "odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "product_id": "odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b?arch=arm64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel9-operator\u0026tag=v4.13.0-18" } } }, { "category": "product_version", "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "product": { "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "product_id": "odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684?arch=arm64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9\u0026tag=v4.13.0-18" } } }, { "category": "product_version", "name": "odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "product": { "name": "odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "product_id": "odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee?arch=arm64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel9-operator\u0026tag=v4.13.0-18" } } }, { "category": "product_version", "name": "odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "product": { "name": "odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "product_id": "odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "product_identification_helper": { "purl": "pkg:oci/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68?arch=arm64\u0026repository_url=registry.redhat.io/odf4/odf-must-gather-rhel9\u0026tag=v4.13.0-35" } } }, { "category": "product_version", "name": "odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "product": { "name": "odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "product_id": "odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "product_identification_helper": { "purl": "pkg:oci/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396?arch=arm64\u0026repository_url=registry.redhat.io/odf4/odf-rhel9-operator\u0026tag=v4.13.0-24" } } }, { "category": "product_version", "name": "odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "product": { "name": "odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "product_id": "odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "product_identification_helper": { "purl": "pkg:oci/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d?arch=arm64\u0026repository_url=registry.redhat.io/odf4/odr-rhel9-operator\u0026tag=v4.13.0-33" } } } ], "category": "architecture", "name": "arm64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64" }, "product_reference": "odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x" }, "product_reference": "odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le" }, "product_reference": "odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64" }, "product_reference": "odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64" }, "product_reference": "odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x" }, "product_reference": "odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le" }, "product_reference": "odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le" }, "product_reference": "odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x" }, "product_reference": "odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64" }, "product_reference": "odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" }, "product_reference": "odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le" }, "product_reference": "odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x" }, "product_reference": "odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64" }, "product_reference": "odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64" }, "product_reference": "odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x" }, "product_reference": "odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64" }, "product_reference": "odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" }, "product_reference": "odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x" }, "product_reference": "odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64" }, "product_reference": "odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le" }, "product_reference": "odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x" }, "product_reference": "odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64" }, "product_reference": "odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le" }, "product_reference": "odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64" }, "product_reference": "odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64" }, "product_reference": "odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le" }, "product_reference": "odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x" }, "product_reference": "odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le" }, "product_reference": "odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x" }, "product_reference": "odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64" }, "product_reference": "odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64" }, "product_reference": "odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64" }, "product_reference": "odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x" }, "product_reference": "odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le" }, "product_reference": "odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64" }, "product_reference": "odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le" }, "product_reference": "odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x" }, "product_reference": "odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le" }, "product_reference": "odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64" }, "product_reference": "odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x" }, "product_reference": "odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le" }, "product_reference": "odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x" }, "product_reference": "odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64" }, "product_reference": "odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64" }, "product_reference": "odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x" }, "product_reference": "odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64" }, "product_reference": "odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le" }, "product_reference": "odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64" }, "product_reference": "odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64" }, "product_reference": "odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le" }, "product_reference": "odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x" }, "product_reference": "odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le" }, "product_reference": "odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x" }, "product_reference": "odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64" }, "product_reference": "odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64" }, "product_reference": "odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64" }, "product_reference": "odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x" }, "product_reference": "odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le" }, "product_reference": "odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64" }, "product_reference": "odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64" }, "product_reference": "odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x" }, "product_reference": "odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le" }, "product_reference": "odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le" }, "product_reference": "odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x" }, "product_reference": "odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64" }, "product_reference": "odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x" }, "product_reference": "odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64" }, "product_reference": "odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64" }, "product_reference": "odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" }, "product_reference": "odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64" }, "product_reference": "odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x" }, "product_reference": "odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le" }, "product_reference": "odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64" }, "product_reference": "odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x" }, "product_reference": "odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le" }, "product_reference": "odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le" }, "product_reference": "odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64" }, "product_reference": "odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64" }, "product_reference": "odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x" }, "product_reference": "odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x" }, "product_reference": "odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64 as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64" }, "product_reference": "odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "relates_to_product_reference": "9Base-RHODF-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le as a component of RHODF 4.13 for RHEL 9", "product_id": "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" }, "product_reference": "odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le", "relates_to_product_reference": "9Base-RHODF-4.13" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-16250", "cwe": { "id": "CWE-345", "name": "Insufficient Verification of Data Authenticity" }, "discovery_date": "2023-02-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2167337" } ], "notes": [ { "category": "description", "text": "A flaw was found in Vault and Vault Enterprise (\u201cVault\u201d). In the affected versions of Vault, with the AWS Auth Method configured and under certain circumstances, the values relied upon by Vault to validate AWS IAM identities and roles may be manipulated and bypass authentication.", "title": "Vulnerability description" }, { "category": "summary", "text": "vault: Hashicorp Vault AWS IAM Integration Authentication Bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-16250" }, { "category": "external", "summary": "RHBZ#2167337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167337" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-16250", "url": "https://www.cve.org/CVERecord?id=CVE-2020-16250" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16250", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16250" }, { "category": "external", "summary": "https://discuss.hashicorp.com/t/hcsec-2020-16-vault-s-aws-auth-method-allows-authentication-bypass/18101", "url": "https://discuss.hashicorp.com/t/hcsec-2020-16-vault-s-aws-auth-method-allows-authentication-bypass/18101" } ], "release_date": "2020-08-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "vault: Hashicorp Vault AWS IAM Integration Authentication Bypass" }, { "cve": "CVE-2020-16251", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "discovery_date": "2023-02-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2167340" } ], "notes": [ { "category": "description", "text": "A flaw was found in Vault and Vault Enterprise (\u201cVault\u201d). In affected versions of Vault, with the GCP Auth Method configured and under certain circumstances, the values relied upon by Vault to validate Google Compute Engine (GCE) VMs may be manipulated and bypass authentication.", "title": "Vulnerability description" }, { "category": "summary", "text": "vault: GCP Auth Method Allows Authentication Bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-16251" }, { "category": "external", "summary": "RHBZ#2167340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167340" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-16251", "url": "https://www.cve.org/CVERecord?id=CVE-2020-16251" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16251", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16251" }, { "category": "external", "summary": "https://discuss.hashicorp.com/t/hcsec-2020-17-vault-s-gcp-auth-method-allows-authentication-bypass/18102", "url": "https://discuss.hashicorp.com/t/hcsec-2020-17-vault-s-gcp-auth-method-allows-authentication-bypass/18102" } ], "release_date": "2020-08-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "vault: GCP Auth Method Allows Authentication Bypass" }, { "cve": "CVE-2021-3765", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2022-09-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2126299" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the validator package. Affected versions of this package are vulnerable to Regular expression denial of service (ReDoS) attacks, affecting system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "validator: Inefficient Regular Expression Complexity in Validator.js", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3765" }, { "category": "external", "summary": "RHBZ#2126299", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126299" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3765", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3765" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3765", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3765" }, { "category": "external", "summary": "https://huntr.dev/bounties/c37e975c-21a3-4c5f-9b57-04d63b28cfc9", "url": "https://huntr.dev/bounties/c37e975c-21a3-4c5f-9b57-04d63b28cfc9" } ], "release_date": "2021-11-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "validator: Inefficient Regular Expression Complexity in Validator.js" }, { "cve": "CVE-2021-3807", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2007557" } ], "notes": [ { "category": "description", "text": "A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw requires crafted invalid ANSI escape codes in order to be exploited and only allows for denial of service of applications on the client side, hence the impact has been rated as Moderate.\n\nIn Red Hat Virtualization and Red Hat Quay some components use a vulnerable version of ansi-regex. However, all frontend code is executed on the client side. As the maximum impact of this vulnerability is denial of service in the client, the vulnerability is rated Moderate for those products.\n\nOpenShift Container Platform 4 (OCP) ships affected version of ansi-regex in the ose-metering-hadoop container, however the metering operator is deprecated since 4.6[1]. This issue is not currently planned to be addressed in future updates and hence hadoop container has been marked as \u0027will not fix\u0027.\n\nAdvanced Cluster Management for Kubernetes (RHACM) ships the affected version of ansi-regex in several containers, however the impact of this vulnerability is deemed low as it would result in an authenticated slowing down their own user interface. \n\n[1] https://docs.openshift.com/container-platform/4.6/metering/metering-about-metering.html", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3807" }, { "category": "external", "summary": "RHBZ#2007557", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007557" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3807", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3807" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3807", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3807" }, { "category": "external", "summary": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994", "url": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994" } ], "release_date": "2021-09-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes" }, { "cve": "CVE-2021-4235", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-12-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156727" } ], "notes": [ { "category": "description", "text": "A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.", "title": "Vulnerability description" }, { "category": "summary", "text": "go-yaml: Denial of Service in go-yaml", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-4235" }, { "category": "external", "summary": "RHBZ#2156727", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156727" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-4235", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4235" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4235", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4235" }, { "category": "external", "summary": "https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241", "url": "https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241" }, { "category": "external", "summary": "https://github.com/go-yaml/yaml/pull/375", "url": "https://github.com/go-yaml/yaml/pull/375" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2021-0061", "url": "https://pkg.go.dev/vuln/GO-2021-0061" } ], "release_date": "2022-12-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "go-yaml: Denial of Service in go-yaml" }, { "cve": "CVE-2021-4238", "cwe": { "id": "CWE-331", "name": "Insufficient Entropy" }, "discovery_date": "2022-12-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156729" } ], "notes": [ { "category": "description", "text": "A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issue significantly reduces the amount of entropy generated in short strings by these functions.", "title": "Vulnerability description" }, { "category": "summary", "text": "goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-4238" }, { "category": "external", "summary": "RHBZ#2156729", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156729" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-4238", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4238" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4238", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4238" }, { "category": "external", "summary": "https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1", "url": "https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-3839-6r69-m497", "url": "https://github.com/advisories/GHSA-3839-6r69-m497" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2022-0411", "url": "https://pkg.go.dev/vuln/GO-2022-0411" } ], "release_date": "2022-12-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be" }, { "cve": "CVE-2021-43998", "cwe": { "id": "CWE-732", "name": "Incorrect Permission Assignment for Critical Resource" }, "discovery_date": "2021-11-30T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2028193" } ], "notes": [ { "category": "description", "text": "A flaw was found in HashiCorp Vault. In affected versions of HashiCorp Vault and Vault Enterprise, templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement.", "title": "Vulnerability description" }, { "category": "summary", "text": "vault: incorrect policy enforcement", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43998" }, { "category": "external", "summary": "RHBZ#2028193", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028193" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43998", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43998" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43998", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43998" }, { "category": "external", "summary": "https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132", "url": "https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132" } ], "release_date": "2021-11-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "vault: incorrect policy enforcement" }, { "cve": "CVE-2021-44531", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2022-01-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040839" } ], "notes": [ { "category": "description", "text": "A flaw was found in node.js where it accepted a certificate\u0027s Subject Alternative Names (SAN) entry, as opposed to what is specified by the HTTPS protocol. This flaw allows an active person-in-the-middle to forge a certificate and impersonate a trusted host.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Improper handling of URI Subject Alternative Names", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\" with impact LOW.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44531" }, { "category": "external", "summary": "RHBZ#2040839", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040839" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44531", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44531" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/" } ], "release_date": "2022-01-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Improper handling of URI Subject Alternative Names" }, { "cve": "CVE-2021-44532", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2022-01-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040846" } ], "notes": [ { "category": "description", "text": "It was found that node.js did not safely read the x509 certificate generalName format properly, resulting in data injection. A certificate could use a specially crafted extension in order to be successfully validated, permitting an attacker to impersonate a trusted host.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Certificate Verification Bypass via String Injection", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\" with impact LOW.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44532" }, { "category": "external", "summary": "RHBZ#2040846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040846" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44532", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44532" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532" } ], "release_date": "2022-01-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Certificate Verification Bypass via String Injection" }, { "cve": "CVE-2021-44533", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2022-01-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040856" } ], "notes": [ { "category": "description", "text": "A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Incorrect handling of certificate subject and issuer fields", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally, there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore, the Quay component is marked as \"Will not fix\" with impact LOW.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44533" }, { "category": "external", "summary": "RHBZ#2040856", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040856" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44533", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44533" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44533", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44533" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/" } ], "release_date": "2022-01-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Incorrect handling of certificate subject and issuer fields" }, { "acknowledgments": [ { "names": [ "Adam Korczynski" ], "organization": "ADA Logics" }, { "names": [ "OSS-Fuzz" ] } ], "cve": "CVE-2022-2879", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-10-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2132867" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: archive/tar: unbounded memory consumption when reading headers", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2879" }, { "category": "external", "summary": "RHBZ#2132867", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2879", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2879" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879" }, { "category": "external", "summary": "https://github.com/golang/go/issues/54853", "url": "https://github.com/golang/go/issues/54853" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1" } ], "release_date": "2022-10-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: archive/tar: unbounded memory consumption when reading headers" }, { "acknowledgments": [ { "names": [ "Daniel Abeles" ], "organization": "Head of Research, Oxeye" }, { "names": [ "Gal Goldstein" ], "organization": "Security Researcher, Oxeye" } ], "cve": "CVE-2022-2880", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2022-10-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2132868" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2880" }, { "category": "external", "summary": "RHBZ#2132868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2880" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880" }, { "category": "external", "summary": "https://github.com/golang/go/issues/54663", "url": "https://github.com/golang/go/issues/54663" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1" } ], "release_date": "2022-10-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters" }, { "cve": "CVE-2022-3517", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2022-06-01T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2134609" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-minimatch: ReDoS via the braceExpand function", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3517" }, { "category": "external", "summary": "RHBZ#2134609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3517", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517" } ], "release_date": "2022-02-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-minimatch: ReDoS via the braceExpand function" }, { "cve": "CVE-2022-21824", "cwe": { "id": "CWE-915", "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes" }, "discovery_date": "2022-01-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040862" } ], "notes": [ { "category": "description", "text": "Due to the formatting logic of the \"console.table()\" function it was not safe to allow user controlled input to be passed to the \"properties\" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be \"__proto__\". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js \u003e= 12.22.9, \u003e= 14.18.3, \u003e= 16.13.2, and \u003e= 17.3.1 use a null protoype for the object these properties are being assigned to.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Prototype pollution via console.table properties", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\".", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21824" }, { "category": "external", "summary": "RHBZ#2040862", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040862" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21824", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21824" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21824", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21824" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/" } ], "release_date": "2022-01-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs: Prototype pollution via console.table properties" }, { "cve": "CVE-2022-23540", "cwe": { "id": "CWE-327", "name": "Use of a Broken or Risky Cryptographic Algorithm" }, "discovery_date": "2023-02-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2169378" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jsonwebtoken library. In affected versions of the jsonwebtoken library, lack of algorithm definition and a falsy secret or key in the jwt.verify() function may lead to signature validation bypass due to defaulting to the none algorithm for signature verification.", "title": "Vulnerability description" }, { "category": "summary", "text": "jsonwebtoken: Insecure default algorithm in jwt.verify() could lead to signature validation bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23540" }, { "category": "external", "summary": "RHBZ#2169378", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169378" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23540", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23540" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23540", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23540" }, { "category": "external", "summary": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6", "url": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-qwph-4952-7xr6" } ], "release_date": "2022-12-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jsonwebtoken: Insecure default algorithm in jwt.verify() could lead to signature validation bypass" }, { "cve": "CVE-2022-23541", "cwe": { "id": "CWE-1259", "name": "Improper Restriction of Security Token Assignment" }, "discovery_date": "2023-02-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2169375" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jsonwebtoken library. Affected versions of jsonwebtoken library can be misconfigured so that passing a poorly implemented key retrieval function will result in incorrect verification of tokens. Using a different algorithm and key combination in verification than what was used to sign the tokens, specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to the successful validation of forged tokens.", "title": "Vulnerability description" }, { "category": "summary", "text": "jsonwebtoken: Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23541" }, { "category": "external", "summary": "RHBZ#2169375", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169375" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23541", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23541" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23541", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23541" }, { "category": "external", "summary": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959", "url": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-hjrf-2m68-5959" } ], "release_date": "2022-12-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jsonwebtoken: Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC" }, { "cve": "CVE-2022-27664", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-09-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2124669" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: handle server errors after sending GOAWAY", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-27664" }, { "category": "external", "summary": "RHBZ#2124669", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27664" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664" }, { "category": "external", "summary": "https://go.dev/issue/54658", "url": "https://go.dev/issue/54658" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ" } ], "release_date": "2022-09-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: handle server errors after sending GOAWAY" }, { "cve": "CVE-2022-30635", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107388" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: encoding/gob: stack exhaustion in Decoder.Decode", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30635" }, { "category": "external", "summary": "RHBZ#2107388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30635" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635" }, { "category": "external", "summary": "https://go.dev/issue/53615", "url": "https://go.dev/issue/53615" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: encoding/gob: stack exhaustion in Decoder.Decode" }, { "cve": "CVE-2022-32189", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-08-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2113814" } ], "notes": [ { "category": "description", "text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-32189" }, { "category": "external", "summary": "RHBZ#2113814", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32189" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189" }, { "category": "external", "summary": "https://go.dev/issue/53871", "url": "https://go.dev/issue/53871" }, { "category": "external", "summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU", "url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU" } ], "release_date": "2022-08-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service" }, { "cve": "CVE-2022-32190", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-09-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2124668" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package. The JoinPath doesn\u0027t remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/url: JoinPath does not strip relative path components in all circumstances", "title": "Vulnerability summary" }, { "category": "other", "text": "The vulnerable functions, JoinPath and URL.JoinPath was introduced in upstream go1.19, whereas, RHEL ships go1.17 and go1.18 versions, which does not contain the vulnerable code. Hence, packages shipped with RHEL-8, RHEL-9 are not affected.\n\nAll Y stream releases of OpenShift Container Platform 4 run on RHEL-8 or RHEL-9, so OCP 4 is also not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-32190" }, { "category": "external", "summary": "RHBZ#2124668", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32190", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32190" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190" }, { "category": "external", "summary": "https://go.dev/issue/54385", "url": "https://go.dev/issue/54385" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ" } ], "release_date": "2022-09-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/url: JoinPath does not strip relative path components in all circumstances" }, { "cve": "CVE-2022-38149", "cwe": { "id": "CWE-532", "name": "Insertion of Sensitive Information into Log File" }, "discovery_date": "2022-08-18T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2119551" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the HashiCorp Consul Template. This issue may reveal the contents of a Vault secret when used with an invalid template.", "title": "Vulnerability description" }, { "category": "summary", "text": "consul: Consul Template May Expose Vault Secrets When Processing Invalid Input", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38149" }, { "category": "external", "summary": "RHBZ#2119551", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119551" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38149", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38149" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38149", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38149" }, { "category": "external", "summary": "https://discuss.hashicorp.com/t/hsec-2022-16-consul-template-may-expose-vault-secrets-when-processing-invalid-input/43215", "url": "https://discuss.hashicorp.com/t/hsec-2022-16-consul-template-may-expose-vault-secrets-when-processing-invalid-input/43215" } ], "release_date": "2022-08-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "consul: Consul Template May Expose Vault Secrets When Processing Invalid Input" }, { "cve": "CVE-2022-38900", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-02-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170644" } ], "notes": [ { "category": "description", "text": "A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "decode-uri-component: improper input validation resulting in DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "For OpenShift Container Platform (OCP), Advanced Clusters Management for Kubernetes (ACM) and Advanced Cluster Security (ACS), the NPM decode-uri-component package is only present in source repositories as a development dependency, it is not used in production. Therefore this vulnerability is rated Low for OCP and ACS.\n\nIn Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container bundles many nodejs packages as a build time dependencies, including the decode-uri-component package. \nThe vulnerable code is not used, hence the impact to OpenShift Logging by this vulnerability is Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38900" }, { "category": "external", "summary": "RHBZ#2170644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38900", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900" }, { "category": "external", "summary": "https://github.com/SamVerschueren/decode-uri-component/issues/5", "url": "https://github.com/SamVerschueren/decode-uri-component/issues/5" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-w573-4hg7-7wgq", "url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq" } ], "release_date": "2022-11-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "decode-uri-component: improper input validation resulting in DoS" }, { "cve": "CVE-2022-41316", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2022-10-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135339" } ], "notes": [ { "category": "description", "text": "A flaw was found in HashiCorp Vault and Vault Enterprise. Vault\u2019s TLS certificate auth method did not initially load the optionally-configured CRL issued by the role\u2019s Certificate Authority (CA) into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved.", "title": "Vulnerability description" }, { "category": "summary", "text": "vault: insufficient certificate revocation list checking", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41316" }, { "category": "external", "summary": "RHBZ#2135339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135339" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41316", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41316" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41316", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41316" }, { "category": "external", "summary": "https://discuss.hashicorp.com/t/hcsec-2022-24-vaults-tls-cert-auth-method-only-loaded-crl-after-first-request/45483", "url": "https://discuss.hashicorp.com/t/hcsec-2022-24-vaults-tls-cert-auth-method-only-loaded-crl-after-first-request/45483" } ], "release_date": "2022-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "vault: insufficient certificate revocation list checking" }, { "acknowledgments": [ { "names": [ "Adam Korczynski" ], "organization": "ADA Logics" }, { "names": [ "OSS-Fuzz" ] } ], "cve": "CVE-2022-41715", "discovery_date": "2022-10-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2132872" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: regexp/syntax: limit memory used by parsing regexps", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41715" }, { "category": "external", "summary": "RHBZ#2132872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41715" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715" }, { "category": "external", "summary": "https://github.com/golang/go/issues/55949", "url": "https://github.com/golang/go/issues/55949" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1" } ], "release_date": "2022-10-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: regexp/syntax: limit memory used by parsing regexps" }, { "cve": "CVE-2022-41717", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2023-01-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2161274" } ], "notes": [ { "category": "description", "text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests", "title": "Vulnerability summary" }, { "category": "other", "text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41717" }, { "category": "external", "summary": "RHBZ#2161274", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41717" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717" }, { "category": "external", "summary": "https://go.dev/cl/455635", "url": "https://go.dev/cl/455635" }, { "category": "external", "summary": "https://go.dev/cl/455717", "url": "https://go.dev/cl/455717" }, { "category": "external", "summary": "https://go.dev/issue/56350", "url": "https://go.dev/issue/56350" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", "url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2022-1144", "url": "https://pkg.go.dev/vuln/GO-2022-1144" } ], "release_date": "2022-11-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests" }, { "acknowledgments": [ { "names": [ "Philippe Antoine" ], "organization": "Catena Cyber" } ], "cve": "CVE-2022-41723", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-03-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2178358" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding", "title": "Vulnerability summary" }, { "category": "other", "text": "Within OpenShift Container Platform, the maximum impact of this vulnerability is a denial of service against an individual container so the impact could not cascade across the entire infrastructure, this vulnerability is rated Moderate impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41723" }, { "category": "external", "summary": "RHBZ#2178358", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178358" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41723", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41723" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41723" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", "url": "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h" }, { "category": "external", "summary": "https://go.dev/cl/468135", "url": "https://go.dev/cl/468135" }, { "category": "external", "summary": "https://go.dev/cl/468295", "url": "https://go.dev/cl/468295" }, { "category": "external", "summary": "https://go.dev/issue/57855", "url": "https://go.dev/issue/57855" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-1571", "url": "https://pkg.go.dev/vuln/GO-2023-1571" }, { "category": "external", "summary": "https://vuln.go.dev/ID/GO-2023-1571.json", "url": "https://vuln.go.dev/ID/GO-2023-1571.json" } ], "release_date": "2023-02-17T14:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding" }, { "cve": "CVE-2022-41724", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-03-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2178492" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/tls: large handshake records may cause panics", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity for a denial of service is limited to the golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41724" }, { "category": "external", "summary": "RHBZ#2178492", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41724", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41724" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724" }, { "category": "external", "summary": "https://go.dev/cl/468125", "url": "https://go.dev/cl/468125" }, { "category": "external", "summary": "https://go.dev/issue/58001", "url": "https://go.dev/issue/58001" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-1570", "url": "https://pkg.go.dev/vuln/GO-2023-1570" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crypto/tls: large handshake records may cause panics" }, { "cve": "CVE-2022-41725", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-03-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2178488" } ], "notes": [ { "category": "description", "text": "A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http, mime/multipart: denial of service from excessive resource consumption", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41725" }, { "category": "external", "summary": "RHBZ#2178488", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178488" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41725", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41725" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41725", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41725" }, { "category": "external", "summary": "https://go.dev/cl/468124", "url": "https://go.dev/cl/468124" }, { "category": "external", "summary": "https://go.dev/issue/58006", "url": "https://go.dev/issue/58006" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-1569", "url": "https://pkg.go.dev/vuln/GO-2023-1569" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http, mime/multipart: denial of service from excessive resource consumption" }, { "cve": "CVE-2022-46175", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-12-26T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156263" } ], "notes": [ { "category": "description", "text": "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.", "title": "Vulnerability description" }, { "category": "summary", "text": "json5: Prototype Pollution in JSON5 via Parse Method", "title": "Vulnerability summary" }, { "category": "other", "text": "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46175" }, { "category": "external", "summary": "RHBZ#2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46175", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175" }, { "category": "external", "summary": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", "url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h" } ], "release_date": "2022-12-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "json5: Prototype Pollution in JSON5 via Parse Method" }, { "cve": "CVE-2023-0620", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2023-04-05T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2184663" } ], "notes": [ { "category": "description", "text": "A flaw was found in HashiCorp Vault and Vault Enterprise, which are vulnerable to SQL injection. This flaw allows a local authenticated attacker to send specially-crafted SQL statements to the Microsoft SQL (MSSQL) Database Storage Backend, which could allow the attacker to view, add, modify, or delete information in the backend database.", "title": "Vulnerability description" }, { "category": "summary", "text": "vault: Vault\u2019s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0620" }, { "category": "external", "summary": "RHBZ#2184663", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184663" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0620", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0620" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0620", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0620" }, { "category": "external", "summary": "https://discuss.hashicorp.com/t/hcsec-2023-12-vault-s-microsoft-sql-database-storage-backend-vulnerable-to-sql-injection-via-configuration-file/52080", "url": "https://discuss.hashicorp.com/t/hcsec-2023-12-vault-s-microsoft-sql-database-storage-backend-vulnerable-to-sql-injection-via-configuration-file/52080" } ], "release_date": "2023-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "vault: Vault\u2019s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File" }, { "cve": "CVE-2023-0665", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2023-03-30T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2182981" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Hashicorp vault. Vault\u2019s PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in a denial of service of the PKI mount. This bug did not affect public or private key material, trust chains, or certificate issuance.", "title": "Vulnerability description" }, { "category": "summary", "text": "hashicorp/vault: Vault\u2019s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0665" }, { "category": "external", "summary": "RHBZ#2182981", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182981" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0665", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0665" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0665", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0665" }, { "category": "external", "summary": "https://discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079/1", "url": "https://discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079/1" } ], "release_date": "2023-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hashicorp/vault: Vault\u2019s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata" }, { "cve": "CVE-2023-24999", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177844" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Hashicorp vault. When using the Vault and Vault Enterprise approle auth method, any authenticated user with access to the /auth/approle/role/:role_name/secret-id-accessor/destroy endpoint can destroy the secret ID of another role by providing the secret ID accessor.", "title": "Vulnerability description" }, { "category": "summary", "text": "Hashicorp/vault: Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-24999" }, { "category": "external", "summary": "RHBZ#2177844", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177844" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24999", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24999" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24999", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24999" }, { "category": "external", "summary": "https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305", "url": "https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Hashicorp/vault: Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation" }, { "cve": "CVE-2023-25000", "cwe": { "id": "CWE-208", "name": "Observable Timing Discrepancy" }, "discovery_date": "2023-03-30T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2182972" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Hashicorp vault. This flaw allows an attacker with access to and the ability to observe a large number of unseal operations on the host through a side channel to reduce the search space of a brute-force effort to recover the Shamir shares.", "title": "Vulnerability description" }, { "category": "summary", "text": "hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ], "known_not_affected": [ "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:069d8bdcaa6ddc628f115d6ec3f3e851e06d4274594d9cd3cd567e574ba1baed_amd64", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:3cc3dfbc6d6227a4085ffc5bef9dab0702e7d2096ad782b6b0c9c002f1e60749_s390x", "9Base-RHODF-4.13:odf4/cephcsi-rhel9@sha256:e1af0b5bc33688e5ca9c209658dd44285f4d1707e0c165a7c6a7f4934006f5f9_ppc64le", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:05955b12d9597865f21a2fce097eecaf16218d1b2a3147fbdd0fe0199f792549_arm64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:357598ae9ea1314a29e9321aff303c36002b499e6474e14ae58ed63290a76f55_amd64", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:861762b4a8aa19ed2ece5d1b48a2aea137dbba2b03af40570bdb60ceda426dde_s390x", "9Base-RHODF-4.13:odf4/mcg-cli-rhel9@sha256:945ca7475dff23abc318af69b9513b9412f3b8b3498fbeb8c59c114c5fdeea2c_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:1f4994c5fa092afb665c3b63a8691ba5b15702f83fbd1e4ac70eb1803f6f68f2_ppc64le", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:5d0ab671d71e1d6307836a05e0a9f14bb260277f646dc63252291b12921473c2_s390x", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:862a2ab41511a86c7e7ee1f0538736b78e49035f3e8fb6d8e801608b913c2826_amd64", "9Base-RHODF-4.13:odf4/mcg-core-rhel9@sha256:f37b4f0598d46dd8ca2183ea52d52e96163f71666617a98c671100a705be2cb0_arm64", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:1e1adf4e3f3766f183daf98ff88de7dbb76cd000a81ac2e698ca74e9e0f2c0e6_ppc64le", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:d5bea64dc86eee978b678c6d47d855568b97a18c9c5c3e5998f0ca36f945a296_s390x", "9Base-RHODF-4.13:odf4/mcg-operator-bundle@sha256:ebfd21cd14efd7c95d53c8f3b939e4e8167ae9aed8ad12ce1985a3d09e2a51be_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:5143db374ccea9fe2a7ca95b1bc655c403509faff7e42b8c672767bc2863418e_amd64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:a2e6602ddc468c91df80eeb06e0dff4dc1fa509b4b68de43be466b9bd1a90316_s390x", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e05c0308d1008f447f87bdea4b23ef56e98d27cd6845c261f5d31cb9cdbb46ac_arm64", "9Base-RHODF-4.13:odf4/mcg-rhel9-operator@sha256:e7e47e90eba427843513e2bc868d4ae3f0816db9847ddec4f96a6f41cd0769ab_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:150eea388a6ede971105b485c52ed4cbd4d3f0c8dffa32bf09d08b542e109362_s390x", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:4c595ee2b908460180617dba1057fab5e48d8ddd07d434948ebbd9232bec80de_amd64", "9Base-RHODF-4.13:odf4/ocs-client-operator-bundle@sha256:fdeab34e65c61763315f4a3ce0d8a092c825589f58ea4d9e320a2376955023bf_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:3258ec9716f45b3428352cc3510d6d8b3ca41ed75fd1a81cd61275249d3fef90_s390x", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:9e67b060718c891f53d000f0899006f226d703de63b6feede42ea45df9686b64_amd64", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:d89f084da3f8d145b1e5e9e4d0dc63994c06422b6df92c9efac0e162fd8610b2_ppc64le", "9Base-RHODF-4.13:odf4/ocs-client-rhel9-operator@sha256:e692d480075469adeb6fbec1d08121fadaedcde7950e5a2dfdfb6024e38d8990_arm64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:2d6cdbf994a9bd03e80b8fba39d6d4b033622615c543ff0300ee960508ae07aa_amd64", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:7d1c503d9f48a8efec3f06aa3deb28144a888c88f1bb3beeeb2465ae58b5e394_ppc64le", "9Base-RHODF-4.13:odf4/ocs-metrics-exporter-rhel9@sha256:c5a5c9515f2b2564ecd718886f2e27ec54402d29ea4bf6e1ad33f63eb0bd9d57_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:24bc40a30a9c0731ac718374fdae5b7e1c45f103495294245d704ca0f69f35df_ppc64le", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:9ae5f567047c26d7ebb36c53c304f402b03c276923621e3dd51d35d1b4b0e0d0_s390x", "9Base-RHODF-4.13:odf4/ocs-operator-bundle@sha256:b44f5fbf874ea565d566c7a149e0be4333d07d1c896dba9aa0a308a35e990e41_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:4610b8989b6fae91da065da2a50f661dd044ea22452372c4321f74a935c6de7c_amd64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:64aa10ced42edb3481d94d62261f56fa991220e9eeec7b142fda6b95a5c2d69d_arm64", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:d67c7a2032a92737c0f9ab9ff2f181b3e15d53203bd4cbb6eef9b3d9655631e4_s390x", "9Base-RHODF-4.13:odf4/ocs-rhel9-operator@sha256:ec86e82a9fc412e174561fe9f808b05cee716c7e6498498c3b3d32e48d6f19ed_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:97d94bc216b9265135493a262ffcd39a7c5f9f67cdcac39c0a7c4378ded420b9_amd64", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:b0981a245672d2f918cad4d5e4a43f1fdd403d446e3f890de18b0dc71141dc1c_ppc64le", "9Base-RHODF-4.13:odf4/odf-console-rhel9@sha256:d13cad8671f69122e33afde5e53b0a9e0728fbfac2df3e981b14bc57b990f210_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:23c631bed1bca5a339c63032bf4b02edb27f0f0d15a81de66208dd7328a22f6b_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:531016e1b8d56e49130ef8a9610223142c0410b41c7e099d5fa08289afa99306_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-operator-bundle@sha256:e3265779c83c26832c898c9f64ec1287a8e63a32433a8303b8e3952e008a3ae9_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:328ebea8a0577b3b3f5df2ddfda109134350f700ccde362834ca4aa88614cde8_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:841ce1cde9d230458bd071fa943ebfc3dda29fc0e63ebabd2dad8bdd055acfa0_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:a8f28a0c576d5eabfa1b11cb3ca94cfaca7d295a3f419f3557a0d9cbb6f91135_amd64", "9Base-RHODF-4.13:odf4/odf-csi-addons-rhel9-operator@sha256:fb35cb085e41eabcc8d8a8cb5b9981968361642f1d15a011d537f7422a2c832b_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:10884ba2e3e9b44fa49347567caa01966578ac3ca45d50a37e0650a98aa095e6_s390x", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:16af2c689218d80e450101428796ecbbef331bfbb9153eb328670477284a2684_arm64", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:3785b04c0d5464eb4514bd3b98e59b2b39815a58e0afc2730104e4e69613ad87_ppc64le", "9Base-RHODF-4.13:odf4/odf-csi-addons-sidecar-rhel9@sha256:eada63799fc6cb128d2a05a2324700500e1ea2f0dc573899832782ef568ce2a9_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:1225db4ef5dd45e5886949babd7db2b5679be927e3a5324d1d0737ba7be96aa3_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:4043076d1e3cdb560ef5ad4b4f06a911590105e655c34d083751be9b1f070423_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-console-rhel9@sha256:889eb0d94a9a573e42d04e4edbd97a389d74157c94bee674df17b2184de1fcde_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:33c136b3d0e5ed8d4fb781566c2bac3cdc01c30e0351035bf962f35203af87a2_ppc64le", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:593cf98fc32b66381bd7e324c89b0a21b7ffec63541bb403b900121d712237f9_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-operator-bundle@sha256:caa3e66684c046b1a4ce3fdc1d617b65fcc78a330268069a9cc02e071501c482_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:1635e20f43a11759364b2ab5a52c5cee9cd2bc141888b6857f3e3703b90e8eee_arm64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:811dfbb10cd4012b8765d751d52c44b40469bf4758cd284b8edf6093cb7123a2_amd64", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:a6dbf5d5d116661fd99348452bbb89458a7cf9326ff64aea285dcb4b0a9893cf_s390x", "9Base-RHODF-4.13:odf4/odf-multicluster-rhel9-operator@sha256:f67f2ba7c47e14c493d22a500423c92b0cc01f8d9570aa3f51a0cb1957f836af_ppc64le", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:a42dd93af9e17fe4af792ccc4c92487f33bf38e1642e21f8e86e23fa86e78a68_arm64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:b64b3f6b1e423e2fcc5c9af6434c8bf0c03498070379b948d82eced1d3b94cbf_amd64", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:dd3eddf1183c67b1011f35f15b85fd5998edb1812852a3b51f1c2971d5155870_s390x", "9Base-RHODF-4.13:odf4/odf-must-gather-rhel9@sha256:e657739355245310c8182c682bc003ce0d3d6abac6115c34a9ca7ffaf8983ade_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:11849f9242099ab4a4b16c6160f23a8a460d41146e2a3e850e7299ab3fd13f04_ppc64le", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:31c6af39b67cb39bfe954cee68825094198d12c7f14542ca284ed609c40b32e8_s390x", "9Base-RHODF-4.13:odf4/odf-operator-bundle@sha256:64c9d563c9c5e193325f923844b676faa3bbe5c0657b7dee743e03b29c018cef_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:0b5657e09bc199379108afec4b858f1dc2289e705e2e14d383fc3ddaa307c6bf_amd64", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:b284b72288e596677427b6ac51fb142fe6b84f5c3b6f43d395bc403643c443cf_s390x", "9Base-RHODF-4.13:odf4/odr-cluster-operator-bundle@sha256:fe5ccee2ea5902cef3f8c9a94fb9be9516013cc7376e088710fef4a85310db9f_ppc64le", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:0699f1e80453ed3a9bff43c3e431ddd786dafd2f166b62b94f18dc77f4467b25_amd64", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:3d438d91ac261b77075da23d9d08dd603fdbc99aa2c1d4c50681feea5dcfbbc1_s390x", "9Base-RHODF-4.13:odf4/odr-hub-operator-bundle@sha256:51d49bd086645a17b80c40e800d88b0a818de8f5ddc1814f6dc23102da920eb2_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:3d26a840d8a42838bb8bc3ba51cac65f3a502450644e30e9331ea08d805c1ec1_ppc64le", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:4c5294036e2e5e0afc6a177d5172e85bcb347b0f4a71ce48847834e677047615_amd64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:cc99437c3b06b4bf307f36ebf533bdbd3721c43035044a972d69258b9414555d_arm64", "9Base-RHODF-4.13:odf4/odr-rhel9-operator@sha256:dff514a42676f68e0faef651dd14ca91fd8a21f4911c7525fbfa965b748d6317_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-25000" }, { "category": "external", "summary": "RHBZ#2182972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182972" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-25000", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25000" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25000", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25000" }, { "category": "external", "summary": "https://discuss.hashicorp.com/t/hcsec-2023-10-vault-vulnerable-to-cache-timing-attacks-during-seal-and-unseal-operations/52078", "url": "https://discuss.hashicorp.com/t/hcsec-2023-10-vault-vulnerable-to-cache-timing-attacks-during-seal-and-unseal-operations/52078" } ], "release_date": "2023-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-21T15:22:11+00:00", "details": "These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.13/html/4.13_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images that provide numerous bug fixes and enhancements.", "product_ids": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:0564c1165a893f0eea270f636cef8fb9c75704b73bd8ae291a5438122be64484_s390x", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:26663e4d48a70edb4fd100fd86819398ef84da4f9e9da077a4e36deb5c002d9b_amd64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:98ded63b6b4180c52715a6d580afb9b212c4643d53ccc9e00993e2d1bcd41396_arm64", "9Base-RHODF-4.13:odf4/odf-rhel9-operator@sha256:d223f6995bdea0799c8201b658aa81c36ae00188be030012b89d8cda643f4ed8_ppc64le", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:61ec798f3d2bab62b4e56ecba236359e2edd3dd1a7095b839a36530a9b90c98f_s390x", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:9d9289a4b9d4342db67022b0da93249b38f98a499fb6442912528611fde35266_amd64", "9Base-RHODF-4.13:odf4/rook-ceph-rhel9-operator@sha256:c9054d4393cfe4a11e81c5e73f2349c12f315caaabd05a060de0a39effb43bd0_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations" } ] }
rhsa-2023_1743
Vulnerability from csaf_redhat
Published
2023-04-12 15:03
Modified
2024-11-15 17:14
Summary
Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update
Notes
Topic
An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (14.21.3).
Security Fix(es):
* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)
* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)
* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)
* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)
* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)
* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (14.21.3).\n\nSecurity Fix(es):\n\n* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)\n\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)\n\n* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)\n\n* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)\n\n* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)\n\n* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:1743", "url": "https://access.redhat.com/errata/RHSA-2023:1743" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2134609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609" }, { "category": "external", "summary": "2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "2165824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824" }, { "category": "external", "summary": "2168631", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631" }, { "category": "external", "summary": "2170644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644" }, { "category": "external", "summary": "2171935", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935" }, { "category": "external", "summary": "2172217", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217" }, { "category": "external", "summary": "2175826", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175826" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1743.json" } ], "title": "Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-11-15T17:14:11+00:00", "generator": { "date": "2024-11-15T17:14:11+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2023:1743", "initial_release_date": "2023-04-12T15:03:07+00:00", "revision_history": [ { "date": "2023-04-12T15:03:07+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-04-12T15:03:07+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T17:14:11+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "nodejs:14:8070020230306170042:bd1311ed", "product": { "name": "nodejs:14:8070020230306170042:bd1311ed", "product_id": "nodejs:14:8070020230306170042:bd1311ed", "product_identification_helper": { "purl": "pkg:rpmmod/redhat/nodejs@14:8070020230306170042:bd1311ed" } } }, { "category": "product_version", "name": "nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch", "product": { "name": "nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch", "product_id": "nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-docs@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch", "product": { "name": "nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch", "product_id": "nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-3.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=noarch" } } }, { "category": "product_version", "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "product": { "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "product_id": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@23-3.module%2Bel8.3.0%2B6519%2B9f98ed83?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "product": { "name": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "product_id": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "product": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "product": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "product": { "name": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "product_id": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "product": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64", "product": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64", "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=aarch64\u0026epoch=1" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src", "product": { "name": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src", "product_id": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src", "product": { "name": "nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src", "product_id": "nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-3.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=src" } } }, { "category": "product_version", "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "product": { "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "product_id": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@23-3.module%2Bel8.3.0%2B6519%2B9f98ed83?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "product": { "name": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "product_id": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "product": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "product": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "product": { "name": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "product_id": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "product": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le", "product": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le", "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=ppc64le\u0026epoch=1" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "product": { "name": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "product_id": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "product": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "product": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "product": { "name": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "product_id": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "product": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x", "product": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x", "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=s390x\u0026epoch=1" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "product": { "name": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "product_id": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "product": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "product": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "product": { "name": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "product_id": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "product": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64", "product": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64", "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.7.0%2B18531%2B81d21ca6?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" }, "product_reference": "nodejs:14:8070020230306170042:bd1311ed", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64 as a component of nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64" }, "product_reference": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le as a component of nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le" }, "product_reference": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x as a component of nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x" }, "product_reference": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src as a component of nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src" }, "product_reference": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64 as a component of nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64" }, "product_reference": "nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64 as a component of nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64" }, "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le as a component of nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le" }, "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x as a component of nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x" }, "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64 as a component of nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64" }, "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64 as a component of nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64" }, "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le as a component of nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le" }, "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x as a component of nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x" }, "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64 as a component of nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64" }, "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64 as a component of nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64" }, "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le as a component of nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le" }, "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x as a component of nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x" }, "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64 as a component of nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64" }, "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch as a component of nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch" }, "product_reference": "nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64 as a component of nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64" }, "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le as a component of nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le" }, "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x as a component of nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x" }, "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64 as a component of nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64" }, "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch as a component of nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch" }, "product_reference": "nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src as a component of nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src" }, "product_reference": "nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch as a component of nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch" }, "product_reference": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src as a component of nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src" }, "product_reference": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64 as a component of nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64" }, "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le as a component of nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le" }, "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x as a component of nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x" }, "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64 as a component of nodejs:14:8070020230306170042:bd1311ed as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64" }, "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64", "relates_to_product_reference": "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-35065", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-12-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156324" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "glob-parent: Regular Expression Denial of Service", "title": "Vulnerability summary" }, { "category": "other", "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-35065" }, { "category": "external", "summary": "RHBZ#2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294" } ], "release_date": "2022-12-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T15:03:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1743" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "glob-parent: Regular Expression Denial of Service" }, { "cve": "CVE-2022-3517", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2022-06-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2134609" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-minimatch: ReDoS via the braceExpand function", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3517" }, { "category": "external", "summary": "RHBZ#2134609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3517", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517" } ], "release_date": "2022-02-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T15:03:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1743" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-minimatch: ReDoS via the braceExpand function" }, { "cve": "CVE-2022-4904", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2023-02-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2168631" } ], "notes": [ { "category": "description", "text": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "c-ares: buffer overflow in config_sortlist() due to missing string length check", "title": "Vulnerability summary" }, { "category": "other", "text": "The severity of this vulnerability is not important but moderate because exploiting the vulnerability can lead to a disruption of the availability of an application, yet doesn\u2019t compromise data integrity or confidentiality. The opportunity for disruption is further limited due to the requirement that an application allows an attacker to be able to input both untrusted and unvalidated data. Exploiting this flaw requires an application to use the library in such a way that would allow untrusted and unvalidated input to be passed directly to ares_set_sortlist by an attacker. In the event that this is able to occur, the impact to RHEL is limited to a crash of the application due to the protections offered by default in RHEL systems such as Stack Smashing Protection (SSP).", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-4904" }, { "category": "external", "summary": "RHBZ#2168631", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4904", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4904" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904" }, { "category": "external", "summary": "https://github.com/c-ares/c-ares/issues/496", "url": "https://github.com/c-ares/c-ares/issues/496" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T15:03:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1743" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "c-ares: buffer overflow in config_sortlist() due to missing string length check" }, { "cve": "CVE-2022-25881", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2023-01-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2165824" } ], "notes": [ { "category": "description", "text": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "title": "Vulnerability description" }, { "category": "summary", "text": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25881" }, { "category": "external", "summary": "RHBZ#2165824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25881", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25881" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881" } ], "release_date": "2023-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T15:03:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1743" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability" }, { "cve": "CVE-2022-38900", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-02-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170644" } ], "notes": [ { "category": "description", "text": "A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "decode-uri-component: improper input validation resulting in DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "For OpenShift Container Platform (OCP), Advanced Clusters Management for Kubernetes (ACM) and Advanced Cluster Security (ACS), the NPM decode-uri-component package is only present in source repositories as a development dependency, it is not used in production. Therefore this vulnerability is rated Low for OCP and ACS.\n\nIn Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container bundles many nodejs packages as a build time dependencies, including the decode-uri-component package. \nThe vulnerable code is not used, hence the impact to OpenShift Logging by this vulnerability is Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38900" }, { "category": "external", "summary": "RHBZ#2170644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38900", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900" }, { "category": "external", "summary": "https://github.com/SamVerschueren/decode-uri-component/issues/5", "url": "https://github.com/SamVerschueren/decode-uri-component/issues/5" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-w573-4hg7-7wgq", "url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq" } ], "release_date": "2022-11-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T15:03:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1743" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "decode-uri-component: improper input validation resulting in DoS" }, { "cve": "CVE-2023-23918", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2023-02-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2171935" } ], "notes": [ { "category": "description", "text": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "title": "Vulnerability description" }, { "category": "summary", "text": "Node.js: Permissions policies can be bypassed via process.mainModule", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-23918" }, { "category": "external", "summary": "RHBZ#2171935", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23918", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23918" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918" } ], "release_date": "2023-02-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T15:03:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1743" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Node.js: Permissions policies can be bypassed via process.mainModule" }, { "cve": "CVE-2023-23920", "cwe": { "id": "CWE-426", "name": "Untrusted Search Path" }, "discovery_date": "2023-02-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2172217" } ], "notes": [ { "category": "description", "text": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "title": "Vulnerability description" }, { "category": "summary", "text": "Node.js: insecure loading of ICU data through ICU_DATA environment variable", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-23920" }, { "category": "external", "summary": "RHBZ#2172217", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23920", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23920" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920" } ], "release_date": "2023-02-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T15:03:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1743" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debuginfo-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-debugsource-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-devel-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-docs-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-full-i18n-1:14.21.3-1.module+el8.7.0+18531+81d21ca6.x86_64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-nodemon-0:2.0.20-3.module+el8.7.0+18531+81d21ca6.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.aarch64", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.ppc64le", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.s390x", "AppStream-8.7.0.Z.MAIN:nodejs:14:8070020230306170042:bd1311ed:npm-1:6.14.18-1.14.21.3.1.module+el8.7.0+18531+81d21ca6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Node.js: insecure loading of ICU data through ICU_DATA environment variable" } ] }
rhsa-2023_1428
Vulnerability from csaf_redhat
Published
2023-03-23 02:16
Modified
2024-11-15 15:04
Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.8 security and bug fix update
Notes
Topic
The Migration Toolkit for Containers (MTC) 1.7.8 is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es):
* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)
* gin: Unsanitized input in the default logger in github.com/gin-gonic/gin (CVE-2020-36567)
* express: "qs" prototype poisoning causes the hang of the node process (CVE-2022-24999)
* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)
* ua-parser-js: ReDoS vulnerability via the trim() function (CVE-2022-25927)
* loader-utils: Regular expression denial of service (CVE-2022-37603)
* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)
* jszip: directory traversal via a crafted ZIP archive (CVE-2022-48285)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* The velero image cannot be overridden in the operator (BZ#2143389)
* Adding a MigCluster from UI fails when the domain name has characters more than 6 (BZ#2152149)
* UI fails to render the 'migrations' page: "Cannot read properties of undefined (reading 'name')" (BZ#2163485)
* Creating DPA resource fails on OCP 4.6 clusters (BZ#2173742)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "The Migration Toolkit for Containers (MTC) 1.7.8 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es):\n\n* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)\n\n* gin: Unsanitized input in the default logger in github.com/gin-gonic/gin (CVE-2020-36567)\n\n* express: \"qs\" prototype poisoning causes the hang of the node process (CVE-2022-24999)\n\n* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)\n\n* ua-parser-js: ReDoS vulnerability via the trim() function (CVE-2022-25927)\n\n* loader-utils: Regular expression denial of service (CVE-2022-37603)\n\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n\n* jszip: directory traversal via a crafted ZIP archive (CVE-2022-48285)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* The velero image cannot be overridden in the operator (BZ#2143389)\n\n* Adding a MigCluster from UI fails when the domain name has characters more than 6 (BZ#2152149)\n\n* UI fails to render the \u0027migrations\u0027 page: \"Cannot read properties of undefined (reading \u0027name\u0027)\" (BZ#2163485)\n\n* Creating DPA resource fails on OCP 4.6 clusters (BZ#2173742)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:1428", "url": "https://access.redhat.com/errata/RHSA-2023:1428" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2140597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597" }, { "category": "external", "summary": "2143389", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143389" }, { "category": "external", "summary": "2150323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323" }, { "category": "external", "summary": "2152149", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152149" }, { "category": "external", "summary": "2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "2156683", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156683" }, { "category": "external", "summary": "2163485", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163485" }, { "category": "external", "summary": "2165020", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165020" }, { "category": "external", "summary": "2165797", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165797" }, { "category": "external", "summary": "2165824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824" }, { "category": "external", "summary": "2170644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644" }, { "category": "external", "summary": "2173742", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173742" }, { "category": "external", "summary": "MIG-1298", "url": "https://issues.redhat.com/browse/MIG-1298" }, { "category": "external", "summary": "MIG-1315", "url": "https://issues.redhat.com/browse/MIG-1315" }, { "category": "external", "summary": "MIG-1318", "url": "https://issues.redhat.com/browse/MIG-1318" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1428.json" } ], "title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.8 security and bug fix update", "tracking": { "current_release_date": "2024-11-15T15:04:36+00:00", "generator": { "date": "2024-11-15T15:04:36+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2023:1428", "initial_release_date": "2023-03-23T02:16:09+00:00", "revision_history": [ { "date": "2023-03-23T02:16:09+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-03-23T02:16:09+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T15:04:36+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "8Base-RHMTC-1.7", "product": { "name": "8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhmt:1.7::el8" } } } ], "category": "product_family", "name": "Red Hat Migration Toolkit" }, { "branches": [ { "category": "product_version", "name": "rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "product": { "name": "rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.7.8-6" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "product": { "name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "product_id": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-hook-runner-rhel8\u0026tag=v1.7.8-3" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "product": { "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "product_id": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator\u0026tag=v1.7.8-10" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "product": { "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.7.8-3" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "product": { "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.7.8-3" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "product": { "name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "product_id": "rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-openvpn-rhel8\u0026tag=v1.7.8-3" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "product": { "name": "rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "product_id": "rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator\u0026tag=v1.7.8-10" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "product": { "name": "rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "product_id": "rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.7.8-10" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "product": { "name": "rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.7.8-3" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "product": { "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.7.8-3" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64", "product": { "name": "rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64", "product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.7.8-5" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "product": { "name": "rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.7.8-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.7.8-3" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.7.8-3" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.7.8-3" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "product": { "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.7.8-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64", "product": { "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64", "product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.7.8-3" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64" }, "product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64" }, "product_reference": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64" }, "product_reference": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64" }, "product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64" }, "product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64" }, "product_reference": "rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64" }, "product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64" }, "product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64" }, "product_reference": "rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64" }, "product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" }, "product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" }, "product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36567", "cwe": { "id": "CWE-117", "name": "Improper Output Neutralization for Logs" }, "discovery_date": "2022-12-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156683" } ], "notes": [ { "category": "description", "text": "A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path.", "title": "Vulnerability description" }, { "category": "summary", "text": "gin: Unsanitized input in the default logger in github.com/gin-gonic/gin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36567" }, { "category": "external", "summary": "RHBZ#2156683", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156683" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36567", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36567" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36567", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36567" }, { "category": "external", "summary": "https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d", "url": "https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d" }, { "category": "external", "summary": "https://github.com/gin-gonic/gin/pull/2237", "url": "https://github.com/gin-gonic/gin/pull/2237" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2020-0001", "url": "https://pkg.go.dev/vuln/GO-2020-0001" } ], "release_date": "2022-12-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-23T02:16:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1428" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "gin: Unsanitized input in the default logger in github.com/gin-gonic/gin" }, { "cve": "CVE-2022-24999", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-12-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2150323" } ], "notes": [ { "category": "description", "text": "A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "express: \"qs\" prototype poisoning causes the hang of the node process", "title": "Vulnerability summary" }, { "category": "other", "text": "- The qs and express Package is not used by the OpenShift Container Platform console directly and is only a third-party package dependency. Hence, it is marked as wontfix. \nAs a result, any services that depend on Openshift for their use of qs and express are marked won\u0027t fix. \n- In OpenShift Service Mesh, \u0027qs\u0027 is hoisted from storybook and node-sass, both are dev dependencies, and the vulnerability is not exposed to end users. Hence marked as wontfix.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24999" }, { "category": "external", "summary": "RHBZ#2150323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24999", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24999" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999" }, { "category": "external", "summary": "https://github.com/expressjs/express/releases/tag/4.17.3", "url": "https://github.com/expressjs/express/releases/tag/4.17.3" }, { "category": "external", "summary": "https://github.com/ljharb/qs/pull/428", "url": "https://github.com/ljharb/qs/pull/428" }, { "category": "external", "summary": "https://github.com/n8tz/CVE-2022-24999", "url": "https://github.com/n8tz/CVE-2022-24999" } ], "release_date": "2022-11-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-23T02:16:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1428" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "express: \"qs\" prototype poisoning causes the hang of the node process" }, { "cve": "CVE-2022-25881", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2023-01-31T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2165824" } ], "notes": [ { "category": "description", "text": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "title": "Vulnerability description" }, { "category": "summary", "text": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25881" }, { "category": "external", "summary": "RHBZ#2165824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25881", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25881" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881" } ], "release_date": "2023-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-23T02:16:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1428" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability" }, { "cve": "CVE-2022-25927", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2023-01-27T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2165020" } ], "notes": [ { "category": "description", "text": "A flaw was found in ua-parser-js. This issue could allow a malicious user to trigger a regular expression denial of service (ReDoS) via the trim() function.", "title": "Vulnerability description" }, { "category": "summary", "text": "ua-parser-js: ReDoS vulnerability via the trim() function", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25927" }, { "category": "external", "summary": "RHBZ#2165020", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165020" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25927", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25927" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25927", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25927" } ], "release_date": "2023-01-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-23T02:16:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1428" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ua-parser-js: ReDoS vulnerability via the trim() function" }, { "cve": "CVE-2022-37603", "cwe": { "id": "CWE-185", "name": "Incorrect Regular Expression" }, "discovery_date": "2022-11-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2140597" } ], "notes": [ { "category": "description", "text": "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.", "title": "Vulnerability description" }, { "category": "summary", "text": "loader-utils: Regular expression denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-37603" }, { "category": "external", "summary": "RHBZ#2140597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-37603", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37603" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603" } ], "release_date": "2022-10-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-23T02:16:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1428" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "loader-utils: Regular expression denial of service" }, { "cve": "CVE-2022-38900", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-02-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170644" } ], "notes": [ { "category": "description", "text": "A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "decode-uri-component: improper input validation resulting in DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "For OpenShift Container Platform (OCP), Advanced Clusters Management for Kubernetes (ACM) and Advanced Cluster Security (ACS), the NPM decode-uri-component package is only present in source repositories as a development dependency, it is not used in production. Therefore this vulnerability is rated Low for OCP and ACS.\n\nIn Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container bundles many nodejs packages as a build time dependencies, including the decode-uri-component package. \nThe vulnerable code is not used, hence the impact to OpenShift Logging by this vulnerability is Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38900" }, { "category": "external", "summary": "RHBZ#2170644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38900", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900" }, { "category": "external", "summary": "https://github.com/SamVerschueren/decode-uri-component/issues/5", "url": "https://github.com/SamVerschueren/decode-uri-component/issues/5" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-w573-4hg7-7wgq", "url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq" } ], "release_date": "2022-11-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-23T02:16:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1428" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "decode-uri-component: improper input validation resulting in DoS" }, { "cve": "CVE-2022-46175", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-12-26T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156263" } ], "notes": [ { "category": "description", "text": "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.", "title": "Vulnerability description" }, { "category": "summary", "text": "json5: Prototype Pollution in JSON5 via Parse Method", "title": "Vulnerability summary" }, { "category": "other", "text": "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46175" }, { "category": "external", "summary": "RHBZ#2156263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46175", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175" }, { "category": "external", "summary": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h", "url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h" } ], "release_date": "2022-12-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-23T02:16:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1428" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "json5: Prototype Pollution in JSON5 via Parse Method" }, { "cve": "CVE-2022-48285", "cwe": { "id": "CWE-23", "name": "Relative Path Traversal" }, "discovery_date": "2023-01-31T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2165797" } ], "notes": [ { "category": "description", "text": "A flaw was found in the JSZip package. Affected versions of JSZip could allow a remote attacker to traverse directories on the system caused by the failure to sanitize filenames when files are loaded with `loadAsync`, which makes the library vulnerable to a Zip Slip attack. By extracting files from a specially crafted archive, an attacker could gain access to parts of the file system outside of the target folder, overwrite the executable files, and execute arbitrary commands on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jszip: directory traversal via a crafted ZIP archive", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-48285" }, { "category": "external", "summary": "RHBZ#2165797", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165797" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-48285", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48285" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-48285", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48285" }, { "category": "external", "summary": "https://exchange.xforce.ibmcloud.com/vulnerabilities/244499", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/244499" }, { "category": "external", "summary": "https://github.com/Stuk/jszip/commit/2edab366119c9ee948357c02f1206c28566cdf15", "url": "https://github.com/Stuk/jszip/commit/2edab366119c9ee948357c02f1206c28566cdf15" }, { "category": "external", "summary": "https://github.com/Stuk/jszip/compare/v3.7.1...v3.8.0", "url": "https://github.com/Stuk/jszip/compare/v3.7.1...v3.8.0" }, { "category": "external", "summary": "https://www.mend.io/vulnerability-database/WS-2023-0004", "url": "https://www.mend.io/vulnerability-database/WS-2023-0004" } ], "release_date": "2023-01-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-23T02:16:09+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1428" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jszip: directory traversal via a crafted ZIP archive" } ] }
rhsa-2023_4983
Vulnerability from csaf_redhat
Published
2023-09-05 18:37
Modified
2024-11-15 17:27
Summary
Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.4 security update
Notes
Topic
An update is now available for Red Hat Process Automation Manager.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which provides a detailed severity rating, is available for each vulnerability from the CVE links in the References section.
Details
Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
This asynchronous security patch is an update to Red Hat Process Automation Manager 7.
Security Fixes:
* apache-bcel: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)
* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)
* mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* loader-utils: regular expression denial of service in interpolateName.js (CVE-2022-37599)
* protobuf-java: timeout in parser leads to DoS (CVE-2022-3171)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
* RESTEasy: creation of insecure temp files (CVE-2023-0482)
* sshd-core: mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server (CVE-2021-30129)
For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat Process Automation Manager.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which provides a detailed severity rating, is available for each vulnerability from the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis asynchronous security patch is an update to Red Hat Process Automation Manager 7.\n\nSecurity Fixes:\n\n* apache-bcel: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)\n\n* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)\n\n* mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* loader-utils: regular expression denial of service in interpolateName.js (CVE-2022-37599)\n\n* protobuf-java: timeout in parser leads to DoS (CVE-2022-3171)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)\n\n* RESTEasy: creation of insecure temp files (CVE-2023-0482)\n\n* sshd-core: mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server (CVE-2021-30129)\n\nFor more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:4983", "url": "https://access.redhat.com/errata/RHSA-2023:4983" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1981527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981527" }, { "category": "external", "summary": "2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "2134291", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291" }, { "category": "external", "summary": "2134872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134872" }, { "category": "external", "summary": "2137645", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137645" }, { "category": "external", "summary": "2142707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142707" }, { "category": "external", "summary": "2145194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194" }, { "category": "external", "summary": "2166004", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166004" }, { "category": "external", "summary": "2170644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644" }, { "category": "external", "summary": "2180528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528" }, { "category": "external", "summary": "2209342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209342" }, { "category": "external", "summary": "RHPAM-4639", "url": "https://issues.redhat.com/browse/RHPAM-4639" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4983.json" } ], "title": "Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.4 security update", "tracking": { "current_release_date": "2024-11-15T17:27:44+00:00", "generator": { "date": "2024-11-15T17:27:44+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2023:4983", "initial_release_date": "2023-09-05T18:37:03+00:00", "revision_history": [ { "date": "2023-09-05T18:37:03+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-09-05T18:37:03+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T17:27:44+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHPAM 7.13.4 async", "product": { "name": "RHPAM 7.13.4 async", "product_id": "RHPAM 7.13.4 async", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13" } } } ], "category": "product_family", "name": "Red Hat Process Automation Manager" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-30129", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-07-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1981527" } ], "notes": [ { "category": "description", "text": "A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0", "title": "Vulnerability description" }, { "category": "summary", "text": "mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Critical flaws.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.4 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-30129" }, { "category": "external", "summary": "RHBZ#1981527", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981527" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-30129", "url": "https://www.cve.org/CVERecord?id=CVE-2021-30129" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-30129", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30129" } ], "release_date": "2021-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-09-05T18:37:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHPAM 7.13.4 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4983" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.4 async" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server" }, { "cve": "CVE-2022-3143", "cwe": { "id": "CWE-208", "name": "Observable Timing Discrepancy" }, "discovery_date": "2022-09-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2124682" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: possible timing attacks via use of unsafe comparator", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.4 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3143" }, { "category": "external", "summary": "RHBZ#2124682", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124682" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3143", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3143" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3143" } ], "release_date": "2022-09-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-09-05T18:37:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHPAM 7.13.4 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4983" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "RHPAM 7.13.4 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: possible timing attacks via use of unsafe comparator" }, { "cve": "CVE-2022-3171", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2022-10-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2137645" } ], "notes": [ { "category": "description", "text": "A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.", "title": "Vulnerability description" }, { "category": "summary", "text": "protobuf-java: timeout in parser leads to DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.4 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3171" }, { "category": "external", "summary": "RHBZ#2137645", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137645" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3171", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3171", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3171" }, { "category": "external", "summary": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2", "url": "https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2" } ], "release_date": "2022-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-09-05T18:37:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHPAM 7.13.4 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4983" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.4 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "protobuf-java: timeout in parser leads to DoS" }, { "cve": "CVE-2022-3509", "cwe": { "id": "CWE-915", "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes" }, "discovery_date": "2022-12-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2184161" } ], "notes": [ { "category": "description", "text": "A flaw was found in Textformat in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection pauses.", "title": "Vulnerability description" }, { "category": "summary", "text": "protobuf-java: Textformat parsing issue leads to DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.4 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3509" }, { "category": "external", "summary": "RHBZ#2184161", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184161" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3509", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3509" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3509", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3509" } ], "release_date": "2022-12-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-09-05T18:37:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHPAM 7.13.4 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4983" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.4 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "protobuf-java: Textformat parsing issue leads to DoS" }, { "cve": "CVE-2022-3510", "cwe": { "id": "CWE-915", "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes" }, "discovery_date": "2022-12-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2184176" } ], "notes": [ { "category": "description", "text": "A flaw was found in Message-Type Extensions in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbage collection pauses.", "title": "Vulnerability description" }, { "category": "summary", "text": "protobuf-java: Message-Type Extensions parsing issue leads to DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.4 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3510" }, { "category": "external", "summary": "RHBZ#2184176", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184176" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3510", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3510" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3510", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3510" } ], "release_date": "2022-12-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-09-05T18:37:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHPAM 7.13.4 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4983" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.4 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "protobuf-java: Message-Type Extensions parsing issue leads to DoS" }, { "cve": "CVE-2022-4492", "cwe": { "id": "CWE-550", "name": "Server-generated Error Message Containing Sensitive Information" }, "discovery_date": "2022-12-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2153260" } ], "notes": [ { "category": "description", "text": "A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Server identity in https connection is not checked by the undertow client", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.4 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-4492" }, { "category": "external", "summary": "RHBZ#2153260", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4492", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4492" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492" } ], "release_date": "2022-12-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-09-05T18:37:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHPAM 7.13.4 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4983" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "RHPAM 7.13.4 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Server identity in https connection is not checked by the undertow client" }, { "cve": "CVE-2022-25857", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2126789" } ], "notes": [ { "category": "description", "text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections", "title": "Vulnerability summary" }, { "category": "other", "text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.4 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25857" }, { "category": "external", "summary": "RHBZ#2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857" }, { "category": "external", "summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525" } ], "release_date": "2022-08-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-09-05T18:37:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHPAM 7.13.4 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4983" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.4 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections" }, { "cve": "CVE-2022-37599", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-10-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2134872" } ], "notes": [ { "category": "description", "text": "A flaw was found in the interpolateName function in interpolateName.js in the webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js. This flaw can lead to a regular expression denial of service (ReDoS).", "title": "Vulnerability description" }, { "category": "summary", "text": "loader-utils: regular expression denial of service in interpolateName.js", "title": "Vulnerability summary" }, { "category": "other", "text": "In Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container and openshift-logging/logging-view-plugin-rhel8 bundles many nodejs packages as a build time dependencies, including loader-utils package. The vulnerable code is not used hence the impact to OpenShift Logging by this vulnerability is Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.4 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-37599" }, { "category": "external", "summary": "RHBZ#2134872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134872" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-37599", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37599" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37599", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37599" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g", "url": "https://github.com/advisories/GHSA-hhq3-ff78-jv3g" }, { "category": "external", "summary": "https://github.com/webpack/loader-utils/issues/211", "url": "https://github.com/webpack/loader-utils/issues/211" } ], "release_date": "2022-10-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-09-05T18:37:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHPAM 7.13.4 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4983" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.", "product_ids": [ "RHPAM 7.13.4 async" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.4 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "loader-utils: regular expression denial of service in interpolateName.js" }, { "cve": "CVE-2022-38900", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-02-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170644" } ], "notes": [ { "category": "description", "text": "A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "decode-uri-component: improper input validation resulting in DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "For OpenShift Container Platform (OCP), Advanced Clusters Management for Kubernetes (ACM) and Advanced Cluster Security (ACS), the NPM decode-uri-component package is only present in source repositories as a development dependency, it is not used in production. Therefore this vulnerability is rated Low for OCP and ACS.\n\nIn Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container bundles many nodejs packages as a build time dependencies, including the decode-uri-component package. \nThe vulnerable code is not used, hence the impact to OpenShift Logging by this vulnerability is Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.4 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38900" }, { "category": "external", "summary": "RHBZ#2170644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38900", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900" }, { "category": "external", "summary": "https://github.com/SamVerschueren/decode-uri-component/issues/5", "url": "https://github.com/SamVerschueren/decode-uri-component/issues/5" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-w573-4hg7-7wgq", "url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq" } ], "release_date": "2022-11-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-09-05T18:37:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHPAM 7.13.4 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4983" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.4 async" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "decode-uri-component: improper input validation resulting in DoS" }, { "cve": "CVE-2022-40152", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-10-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2134291" } ], "notes": [ { "category": "description", "text": "A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the DTD parsing functionality.", "title": "Vulnerability description" }, { "category": "summary", "text": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.4 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40152" }, { "category": "external", "summary": "RHBZ#2134291", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134291" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40152", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40152" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4", "url": "https://github.com/advisories/GHSA-3f7h-mf4q-vrm4" } ], "release_date": "2022-09-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-09-05T18:37:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHPAM 7.13.4 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4983" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.4 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks" }, { "cve": "CVE-2022-41854", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-12-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2151988" } ], "notes": [ { "category": "description", "text": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "dev-java/snakeyaml: DoS via stack overflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.4 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41854" }, { "category": "external", "summary": "RHBZ#2151988", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151988" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41854", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41854" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854" }, { "category": "external", "summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355", "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355" }, { "category": "external", "summary": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355" } ], "release_date": "2022-11-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-09-05T18:37:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHPAM 7.13.4 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4983" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.4 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dev-java/snakeyaml: DoS via stack overflow" }, { "cve": "CVE-2022-42920", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-11-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2142707" } ], "notes": [ { "category": "description", "text": "An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.", "title": "Vulnerability description" }, { "category": "summary", "text": "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing", "title": "Vulnerability summary" }, { "category": "other", "text": "Fuse 7 ships the code in question but does not utilize it in the product, so it is affected at a reduced impact of Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.4 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42920" }, { "category": "external", "summary": "RHBZ#2142707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42920", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42920" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42920", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42920" }, { "category": "external", "summary": "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4", "url": "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4" } ], "release_date": "2022-11-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-09-05T18:37:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHPAM 7.13.4 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4983" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.4 async" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing" }, { "cve": "CVE-2022-45047", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-11-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2145194" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", "title": "Vulnerability description" }, { "category": "summary", "text": "mina-sshd: Java unsafe deserialization vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.4 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-45047" }, { "category": "external", "summary": "RHBZ#2145194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45047" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047" }, { "category": "external", "summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", "url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html" } ], "release_date": "2022-11-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-09-05T18:37:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHPAM 7.13.4 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4983" }, { "category": "workaround", "details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", "product_ids": [ "RHPAM 7.13.4 async" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.4 async" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "mina-sshd: Java unsafe deserialization vulnerability" }, { "cve": "CVE-2023-0482", "cwe": { "id": "CWE-378", "name": "Creation of Temporary File With Insecure Permissions" }, "discovery_date": "2023-01-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2166004" } ], "notes": [ { "category": "description", "text": "In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.", "title": "Vulnerability description" }, { "category": "summary", "text": "RESTEasy: creation of insecure temp files", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.4 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0482" }, { "category": "external", "summary": "RHBZ#2166004", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166004" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0482", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0482" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0482", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0482" } ], "release_date": "2023-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-09-05T18:37:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHPAM 7.13.4 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4983" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "RHPAM 7.13.4 async" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "RESTEasy: creation of insecure temp files" }, { "cve": "CVE-2023-20860", "cwe": { "id": "CWE-155", "name": "Improper Neutralization of Wildcards or Matching Symbols" }, "discovery_date": "2023-03-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2180528" } ], "notes": [ { "category": "description", "text": "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.", "title": "Vulnerability description" }, { "category": "summary", "text": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.4 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-20860" }, { "category": "external", "summary": "RHBZ#2180528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-20860", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20860" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860" }, { "category": "external", "summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", "url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861" } ], "release_date": "2023-03-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-09-05T18:37:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHPAM 7.13.4 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4983" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "RHPAM 7.13.4 async" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern" }, { "cve": "CVE-2023-20861", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2023-03-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2180530" } ], "notes": [ { "category": "description", "text": "A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).", "title": "Vulnerability description" }, { "category": "summary", "text": "springframework: Spring Expression DoS Vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.4 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-20861" }, { "category": "external", "summary": "RHBZ#2180530", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180530" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-20861", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20861" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861" }, { "category": "external", "summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", "url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861" } ], "release_date": "2023-03-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-09-05T18:37:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHPAM 7.13.4 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4983" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "RHPAM 7.13.4 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "springframework: Spring Expression DoS Vulnerability" }, { "cve": "CVE-2023-20883", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-05-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2209342" } ], "notes": [ { "category": "description", "text": "A flaw was found in Spring Boot, occurring prominently in Spring MVC with a reverse proxy cache. This issue requires Spring MVC to have auto-configuration enabled and the application to use Spring Boot\u0027s welcome page support, either static or templated, resulting in the application being deployed behind a proxy that caches 404 responses. This issue may cause a denial of service (DoS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "spring-boot: Spring Boot Welcome Page DoS Vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.4 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-20883" }, { "category": "external", "summary": "RHBZ#2209342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209342" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-20883", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20883" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20883", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20883" } ], "release_date": "2023-05-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-09-05T18:37:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHPAM 7.13.4 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4983" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.4 async" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "spring-boot: Spring Boot Welcome Page DoS Vulnerability" }, { "cve": "CVE-2023-24998", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2023-02-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2172298" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.", "title": "Vulnerability description" }, { "category": "summary", "text": "FileUpload: FileUpload DoS with excessive parts", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHPAM 7.13.4 async" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-24998" }, { "category": "external", "summary": "RHBZ#2172298", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172298" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24998", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24998" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998" }, { "category": "external", "summary": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5", "url": "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5" } ], "release_date": "2023-02-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-09-05T18:37:03+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "RHPAM 7.13.4 async" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:4983" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHPAM 7.13.4 async" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "FileUpload: FileUpload DoS with excessive parts" } ] }
rhsa-2023_1533
Vulnerability from csaf_redhat
Published
2023-03-30 13:06
Modified
2024-11-15 17:13
Summary
Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update
Notes
Topic
An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (14.21.3).
Security Fix(es):
* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)
* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
* minimist: prototype pollution (CVE-2021-44906)
* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)
* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)
* express: "qs" prototype poisoning causes the hang of the node process (CVE-2022-24999)
* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)
* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)
* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)
* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)
* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (14.21.3).\n\nSecurity Fix(es):\n\n* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)\n\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n* minimist: prototype pollution (CVE-2021-44906)\n\n* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)\n\n* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)\n\n* express: \"qs\" prototype poisoning causes the hang of the node process (CVE-2022-24999)\n\n* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)\n\n* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)\n\n* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)\n\n* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)\n\n* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:1533", "url": "https://access.redhat.com/errata/RHSA-2023:1533" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "2130518", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130518" }, { "category": "external", "summary": "2134609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609" }, { "category": "external", "summary": "2140911", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911" }, { "category": "external", "summary": "2142823", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142823" }, { "category": "external", "summary": "2150323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323" }, { "category": "external", "summary": "2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "2165824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824" }, { "category": "external", "summary": "2168631", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631" }, { "category": "external", "summary": "2170644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644" }, { "category": "external", "summary": "2171935", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935" }, { "category": "external", "summary": "2172217", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217" }, { "category": "external", "summary": "2175828", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175828" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1533.json" } ], "title": "Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-11-15T17:13:52+00:00", "generator": { "date": "2024-11-15T17:13:52+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2023:1533", "initial_release_date": "2023-03-30T13:06:07+00:00", "revision_history": [ { "date": "2023-03-30T13:06:07+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-03-30T13:06:07+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T17:13:52+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product": { "name": "Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_eus:8.4::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "nodejs:14:8040020230306170312:522a0ee4", "product": { "name": "nodejs:14:8040020230306170312:522a0ee4", "product_id": "nodejs:14:8040020230306170312:522a0ee4", "product_identification_helper": { "purl": "pkg:rpmmod/redhat/nodejs@14:8040020230306170312:522a0ee4" } } }, { "category": "product_version", "name": "nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "product": { "name": "nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "product_id": "nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-docs@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "product": { "name": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "product_id": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-3.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=noarch" } } }, { "category": "product_version", "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "product": { "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "product_id": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@23-3.module%2Bel8.3.0%2B6519%2B9f98ed83?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "product": { "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "product_id": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "product": { "name": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "product_id": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-3.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=src" } } }, { "category": "product_version", "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "product": { "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "product_id": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@23-3.module%2Bel8.3.0%2B6519%2B9f98ed83?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "product": { "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "product_id": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "product": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "product": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "product": { "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "product_id": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "product": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64", "product": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64", "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "product": { "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "product_id": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "product": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "product": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "product": { "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "product_id": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "product": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "product": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=s390x\u0026epoch=1" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "product": { "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "product_id": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "product": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "product": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "product": { "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "product_id": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "product": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=ppc64le\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "product": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=ppc64le\u0026epoch=1" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "product": { "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "product_id": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "product": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "product": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "product": { "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "product_id": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "product": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=aarch64\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "product": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=aarch64\u0026epoch=1" } } } ], "category": "architecture", "name": "aarch64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, "product_reference": "nodejs:14:8040020230306170312:522a0ee4", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64" }, "product_reference": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le" }, "product_reference": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x" }, "product_reference": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src" }, "product_reference": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64" }, "product_reference": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64" }, "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le" }, "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x" }, "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64" }, "product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64" }, "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le" }, "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x" }, "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64" }, "product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64" }, "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le" }, "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x" }, "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64" }, "product_reference": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch" }, "product_reference": "nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64" }, "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le" }, "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x" }, "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64" }, "product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch" }, "product_reference": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src" }, "product_reference": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch" }, "product_reference": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src" }, "product_reference": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64 as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64" }, "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le" }, "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x" }, "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" }, { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64 as a component of nodejs:14:8040020230306170312:522a0ee4 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" }, "product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-35065", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-12-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156324" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "glob-parent: Regular Expression Denial of Service", "title": "Vulnerability summary" }, { "category": "other", "text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-35065" }, { "category": "external", "summary": "RHBZ#2156324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294", "url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294" } ], "release_date": "2022-12-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-30T13:06:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1533" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "glob-parent: Regular Expression Denial of Service" }, { "cve": "CVE-2021-44906", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066009" } ], "notes": [ { "category": "description", "text": "An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "minimist: prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. While this flaw (CVE-2021-44906) enables attackers to control objects that they should not have access to, actual exploitation would still require a chain of independent flaws. Even though the CVSS for CVE-2021-44906 is higher than CVE-2020-7598, they are both rated as having Moderate impact.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44906" }, { "category": "external", "summary": "RHBZ#2066009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h", "url": "https://github.com/advisories/GHSA-xvch-5gv4-984h" } ], "release_date": "2022-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-30T13:06:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1533" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "minimist: prototype pollution" }, { "cve": "CVE-2022-3517", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2022-06-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2134609" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-minimatch: ReDoS via the braceExpand function", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3517" }, { "category": "external", "summary": "RHBZ#2134609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3517", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517" } ], "release_date": "2022-02-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-30T13:06:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1533" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-minimatch: ReDoS via the braceExpand function" }, { "cve": "CVE-2022-4904", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2023-02-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2168631" } ], "notes": [ { "category": "description", "text": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "c-ares: buffer overflow in config_sortlist() due to missing string length check", "title": "Vulnerability summary" }, { "category": "other", "text": "The severity of this vulnerability is not important but moderate because exploiting the vulnerability can lead to a disruption of the availability of an application, yet doesn\u2019t compromise data integrity or confidentiality. The opportunity for disruption is further limited due to the requirement that an application allows an attacker to be able to input both untrusted and unvalidated data. Exploiting this flaw requires an application to use the library in such a way that would allow untrusted and unvalidated input to be passed directly to ares_set_sortlist by an attacker. In the event that this is able to occur, the impact to RHEL is limited to a crash of the application due to the protections offered by default in RHEL systems such as Stack Smashing Protection (SSP).", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-4904" }, { "category": "external", "summary": "RHBZ#2168631", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4904", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4904" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904" }, { "category": "external", "summary": "https://github.com/c-ares/c-ares/issues/496", "url": "https://github.com/c-ares/c-ares/issues/496" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-30T13:06:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1533" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "c-ares: buffer overflow in config_sortlist() due to missing string length check" }, { "cve": "CVE-2022-24999", "cwe": { "id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)" }, "discovery_date": "2022-12-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2150323" } ], "notes": [ { "category": "description", "text": "A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "express: \"qs\" prototype poisoning causes the hang of the node process", "title": "Vulnerability summary" }, { "category": "other", "text": "- The qs and express Package is not used by the OpenShift Container Platform console directly and is only a third-party package dependency. Hence, it is marked as wontfix. \nAs a result, any services that depend on Openshift for their use of qs and express are marked won\u0027t fix. \n- In OpenShift Service Mesh, \u0027qs\u0027 is hoisted from storybook and node-sass, both are dev dependencies, and the vulnerability is not exposed to end users. Hence marked as wontfix.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24999" }, { "category": "external", "summary": "RHBZ#2150323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24999", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24999" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999" }, { "category": "external", "summary": "https://github.com/expressjs/express/releases/tag/4.17.3", "url": "https://github.com/expressjs/express/releases/tag/4.17.3" }, { "category": "external", "summary": "https://github.com/ljharb/qs/pull/428", "url": "https://github.com/ljharb/qs/pull/428" }, { "category": "external", "summary": "https://github.com/n8tz/CVE-2022-24999", "url": "https://github.com/n8tz/CVE-2022-24999" } ], "release_date": "2022-11-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-30T13:06:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1533" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "express: \"qs\" prototype poisoning causes the hang of the node process" }, { "cve": "CVE-2022-25881", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2023-01-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2165824" } ], "notes": [ { "category": "description", "text": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "title": "Vulnerability description" }, { "category": "summary", "text": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25881" }, { "category": "external", "summary": "RHBZ#2165824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25881", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25881" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881" } ], "release_date": "2023-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-30T13:06:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1533" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability" }, { "acknowledgments": [ { "names": [ "VVX7" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-35256", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2022-09-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2130518" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in NodeJS due to improper validation of HTTP requests. The llhttp parser in the HTTP module in Node.js does not correctly handle header fields that are not terminated with CLRF. This issue may result in HTTP Request Smuggling. This flaw allows a remote attacker to send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: HTTP Request Smuggling due to incorrect parsing of header fields", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-35256" }, { "category": "external", "summary": "RHBZ#2130518", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130518" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-35256", "url": "https://www.cve.org/CVERecord?id=CVE-2022-35256" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-header-fields-medium-cve-2022-35256", "url": "https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-header-fields-medium-cve-2022-35256" } ], "release_date": "2022-09-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-30T13:06:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1533" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: HTTP Request Smuggling due to incorrect parsing of header fields" }, { "cve": "CVE-2022-38900", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-02-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170644" } ], "notes": [ { "category": "description", "text": "A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "decode-uri-component: improper input validation resulting in DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "For OpenShift Container Platform (OCP), Advanced Clusters Management for Kubernetes (ACM) and Advanced Cluster Security (ACS), the NPM decode-uri-component package is only present in source repositories as a development dependency, it is not used in production. Therefore this vulnerability is rated Low for OCP and ACS.\n\nIn Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container bundles many nodejs packages as a build time dependencies, including the decode-uri-component package. \nThe vulnerable code is not used, hence the impact to OpenShift Logging by this vulnerability is Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38900" }, { "category": "external", "summary": "RHBZ#2170644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38900", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900" }, { "category": "external", "summary": "https://github.com/SamVerschueren/decode-uri-component/issues/5", "url": "https://github.com/SamVerschueren/decode-uri-component/issues/5" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-w573-4hg7-7wgq", "url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq" } ], "release_date": "2022-11-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-30T13:06:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1533" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "decode-uri-component: improper input validation resulting in DoS" }, { "cve": "CVE-2022-43548", "cwe": { "id": "CWE-350", "name": "Reliance on Reverse DNS Resolution for a Security-Critical Action" }, "discovery_date": "2022-11-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2140911" } ], "notes": [ { "category": "description", "text": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: DNS rebinding in inspect via invalid octal IP address", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-43548" }, { "category": "external", "summary": "RHBZ#2140911", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-43548", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43548" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548", "url": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548" } ], "release_date": "2022-11-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-30T13:06:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1533" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: DNS rebinding in inspect via invalid octal IP address" }, { "cve": "CVE-2023-23918", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2023-02-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2171935" } ], "notes": [ { "category": "description", "text": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "title": "Vulnerability description" }, { "category": "summary", "text": "Node.js: Permissions policies can be bypassed via process.mainModule", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-23918" }, { "category": "external", "summary": "RHBZ#2171935", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23918", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23918" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918" } ], "release_date": "2023-02-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-30T13:06:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1533" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Node.js: Permissions policies can be bypassed via process.mainModule" }, { "cve": "CVE-2023-23920", "cwe": { "id": "CWE-426", "name": "Untrusted Search Path" }, "discovery_date": "2023-02-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2172217" } ], "notes": [ { "category": "description", "text": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "title": "Vulnerability description" }, { "category": "summary", "text": "Node.js: insecure loading of ICU data through ICU_DATA environment variable", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-23920" }, { "category": "external", "summary": "RHBZ#2172217", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23920", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23920" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920" } ], "release_date": "2023-02-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-30T13:06:07+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1533" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x", "AppStream-8.4.0.Z.EUS:nodejs:14:8040020230306170312:522a0ee4:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Node.js: insecure loading of ICU data through ICU_DATA environment variable" } ] }
rhsa-2023_6316
Vulnerability from csaf_redhat
Published
2023-11-07 08:32
Modified
2024-11-14 00:14
Summary
Red Hat Security Advisory: pcs security, bug fix, and enhancement update
Notes
Topic
An update for pcs is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Security Fix(es):
* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for pcs is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.\n\nSecurity Fix(es):\n\n* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:6316", "url": "https://access.redhat.com/errata/RHSA-2023:6316" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index" }, { "category": "external", "summary": "1423473", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1423473" }, { "category": "external", "summary": "1465829", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465829" }, { "category": "external", "summary": "2160664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160664" }, { "category": "external", "summary": "2163440", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163440" }, { "category": "external", "summary": "2163914", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163914" }, { "category": "external", "summary": "2163953", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163953" }, { "category": "external", "summary": "2168155", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168155" }, { "category": "external", "summary": "2168617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168617" }, { "category": "external", "summary": "2170644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644" }, { "category": "external", "summary": "2174735", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174735" }, { "category": "external", "summary": "2175881", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175881" }, { "category": "external", "summary": "2177996", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177996" }, { "category": "external", "summary": "2178714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178714" }, { "category": "external", "summary": "2179388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179388" }, { "category": "external", "summary": "2182810", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182810" }, { "category": "external", "summary": "2210855", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210855" }, { "category": "external", "summary": "2216434", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216434" }, { "category": "external", "summary": "2217850", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217850" }, { "category": "external", "summary": "2219407", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219407" }, { "category": "external", "summary": "2222788", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222788" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6316.json" } ], "title": "Red Hat Security Advisory: pcs security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-11-14T00:14:07+00:00", "generator": { "date": "2024-11-14T00:14:07+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2023:6316", "initial_release_date": "2023-11-07T08:32:01+00:00", "revision_history": [ { "date": "2023-11-07T08:32:01+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-11-07T08:32:01+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T00:14:07+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux High Availability (v. 9)", "product": { "name": "Red Hat Enterprise Linux High Availability (v. 9)", "product_id": "HighAvailability-9.3.0.GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:9::highavailability" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Resilient Storage (v. 9)", "product": { "name": "Red Hat Enterprise Linux Resilient Storage (v. 9)", "product_id": "ResilientStorage-9.3.0.GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:9::resilientstorage" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "pcs-0:0.11.6-3.el9.src", "product": { "name": "pcs-0:0.11.6-3.el9.src", "product_id": "pcs-0:0.11.6-3.el9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcs@0.11.6-3.el9?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "pcs-0:0.11.6-3.el9.aarch64", "product": { "name": "pcs-0:0.11.6-3.el9.aarch64", "product_id": "pcs-0:0.11.6-3.el9.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcs@0.11.6-3.el9?arch=aarch64" } } }, { "category": "product_version", "name": "pcs-snmp-0:0.11.6-3.el9.aarch64", "product": { "name": "pcs-snmp-0:0.11.6-3.el9.aarch64", "product_id": "pcs-snmp-0:0.11.6-3.el9.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcs-snmp@0.11.6-3.el9?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "pcs-0:0.11.6-3.el9.ppc64le", "product": { "name": "pcs-0:0.11.6-3.el9.ppc64le", "product_id": "pcs-0:0.11.6-3.el9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcs@0.11.6-3.el9?arch=ppc64le" } } }, { "category": "product_version", "name": "pcs-snmp-0:0.11.6-3.el9.ppc64le", "product": { "name": "pcs-snmp-0:0.11.6-3.el9.ppc64le", "product_id": "pcs-snmp-0:0.11.6-3.el9.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcs-snmp@0.11.6-3.el9?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "pcs-0:0.11.6-3.el9.x86_64", "product": { "name": "pcs-0:0.11.6-3.el9.x86_64", "product_id": "pcs-0:0.11.6-3.el9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcs@0.11.6-3.el9?arch=x86_64" } } }, { "category": "product_version", "name": "pcs-snmp-0:0.11.6-3.el9.x86_64", "product": { "name": "pcs-snmp-0:0.11.6-3.el9.x86_64", "product_id": "pcs-snmp-0:0.11.6-3.el9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcs-snmp@0.11.6-3.el9?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "pcs-0:0.11.6-3.el9.s390x", "product": { "name": "pcs-0:0.11.6-3.el9.s390x", "product_id": "pcs-0:0.11.6-3.el9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcs@0.11.6-3.el9?arch=s390x" } } }, { "category": "product_version", "name": "pcs-snmp-0:0.11.6-3.el9.s390x", "product": { "name": "pcs-snmp-0:0.11.6-3.el9.s390x", "product_id": "pcs-snmp-0:0.11.6-3.el9.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcs-snmp@0.11.6-3.el9?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "pcs-0:0.11.6-3.el9.aarch64 as a component of Red Hat Enterprise Linux High Availability (v. 9)", "product_id": "HighAvailability-9.3.0.GA:pcs-0:0.11.6-3.el9.aarch64" }, "product_reference": "pcs-0:0.11.6-3.el9.aarch64", "relates_to_product_reference": "HighAvailability-9.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-0:0.11.6-3.el9.ppc64le as a component of Red Hat Enterprise Linux High Availability (v. 9)", "product_id": "HighAvailability-9.3.0.GA:pcs-0:0.11.6-3.el9.ppc64le" }, "product_reference": "pcs-0:0.11.6-3.el9.ppc64le", "relates_to_product_reference": "HighAvailability-9.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-0:0.11.6-3.el9.s390x as a component of Red Hat Enterprise Linux High Availability (v. 9)", "product_id": "HighAvailability-9.3.0.GA:pcs-0:0.11.6-3.el9.s390x" }, "product_reference": "pcs-0:0.11.6-3.el9.s390x", "relates_to_product_reference": "HighAvailability-9.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-0:0.11.6-3.el9.src as a component of Red Hat Enterprise Linux High Availability (v. 9)", "product_id": "HighAvailability-9.3.0.GA:pcs-0:0.11.6-3.el9.src" }, "product_reference": "pcs-0:0.11.6-3.el9.src", "relates_to_product_reference": "HighAvailability-9.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-0:0.11.6-3.el9.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 9)", "product_id": "HighAvailability-9.3.0.GA:pcs-0:0.11.6-3.el9.x86_64" }, "product_reference": "pcs-0:0.11.6-3.el9.x86_64", "relates_to_product_reference": "HighAvailability-9.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-snmp-0:0.11.6-3.el9.aarch64 as a component of Red Hat Enterprise Linux High Availability (v. 9)", "product_id": "HighAvailability-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.aarch64" }, "product_reference": "pcs-snmp-0:0.11.6-3.el9.aarch64", "relates_to_product_reference": "HighAvailability-9.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-snmp-0:0.11.6-3.el9.ppc64le as a component of Red Hat Enterprise Linux High Availability (v. 9)", "product_id": "HighAvailability-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.ppc64le" }, "product_reference": "pcs-snmp-0:0.11.6-3.el9.ppc64le", "relates_to_product_reference": "HighAvailability-9.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-snmp-0:0.11.6-3.el9.s390x as a component of Red Hat Enterprise Linux High Availability (v. 9)", "product_id": "HighAvailability-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.s390x" }, "product_reference": "pcs-snmp-0:0.11.6-3.el9.s390x", "relates_to_product_reference": "HighAvailability-9.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-snmp-0:0.11.6-3.el9.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 9)", "product_id": "HighAvailability-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.x86_64" }, "product_reference": "pcs-snmp-0:0.11.6-3.el9.x86_64", "relates_to_product_reference": "HighAvailability-9.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-0:0.11.6-3.el9.aarch64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 9)", "product_id": "ResilientStorage-9.3.0.GA:pcs-0:0.11.6-3.el9.aarch64" }, "product_reference": "pcs-0:0.11.6-3.el9.aarch64", "relates_to_product_reference": "ResilientStorage-9.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-0:0.11.6-3.el9.ppc64le as a component of Red Hat Enterprise Linux Resilient Storage (v. 9)", "product_id": "ResilientStorage-9.3.0.GA:pcs-0:0.11.6-3.el9.ppc64le" }, "product_reference": "pcs-0:0.11.6-3.el9.ppc64le", "relates_to_product_reference": "ResilientStorage-9.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-0:0.11.6-3.el9.s390x as a component of Red Hat Enterprise Linux Resilient Storage (v. 9)", "product_id": "ResilientStorage-9.3.0.GA:pcs-0:0.11.6-3.el9.s390x" }, "product_reference": "pcs-0:0.11.6-3.el9.s390x", "relates_to_product_reference": "ResilientStorage-9.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-0:0.11.6-3.el9.src as a component of Red Hat Enterprise Linux Resilient Storage (v. 9)", "product_id": "ResilientStorage-9.3.0.GA:pcs-0:0.11.6-3.el9.src" }, "product_reference": "pcs-0:0.11.6-3.el9.src", "relates_to_product_reference": "ResilientStorage-9.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-0:0.11.6-3.el9.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 9)", "product_id": "ResilientStorage-9.3.0.GA:pcs-0:0.11.6-3.el9.x86_64" }, "product_reference": "pcs-0:0.11.6-3.el9.x86_64", "relates_to_product_reference": "ResilientStorage-9.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-snmp-0:0.11.6-3.el9.aarch64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 9)", "product_id": "ResilientStorage-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.aarch64" }, "product_reference": "pcs-snmp-0:0.11.6-3.el9.aarch64", "relates_to_product_reference": "ResilientStorage-9.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-snmp-0:0.11.6-3.el9.ppc64le as a component of Red Hat Enterprise Linux Resilient Storage (v. 9)", "product_id": "ResilientStorage-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.ppc64le" }, "product_reference": "pcs-snmp-0:0.11.6-3.el9.ppc64le", "relates_to_product_reference": "ResilientStorage-9.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-snmp-0:0.11.6-3.el9.s390x as a component of Red Hat Enterprise Linux Resilient Storage (v. 9)", "product_id": "ResilientStorage-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.s390x" }, "product_reference": "pcs-snmp-0:0.11.6-3.el9.s390x", "relates_to_product_reference": "ResilientStorage-9.3.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-snmp-0:0.11.6-3.el9.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 9)", "product_id": "ResilientStorage-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.x86_64" }, "product_reference": "pcs-snmp-0:0.11.6-3.el9.x86_64", "relates_to_product_reference": "ResilientStorage-9.3.0.GA" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-38900", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-02-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170644" } ], "notes": [ { "category": "description", "text": "A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "decode-uri-component: improper input validation resulting in DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "For OpenShift Container Platform (OCP), Advanced Clusters Management for Kubernetes (ACM) and Advanced Cluster Security (ACS), the NPM decode-uri-component package is only present in source repositories as a development dependency, it is not used in production. Therefore this vulnerability is rated Low for OCP and ACS.\n\nIn Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container bundles many nodejs packages as a build time dependencies, including the decode-uri-component package. \nThe vulnerable code is not used, hence the impact to OpenShift Logging by this vulnerability is Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "HighAvailability-9.3.0.GA:pcs-0:0.11.6-3.el9.aarch64", "HighAvailability-9.3.0.GA:pcs-0:0.11.6-3.el9.ppc64le", "HighAvailability-9.3.0.GA:pcs-0:0.11.6-3.el9.s390x", "HighAvailability-9.3.0.GA:pcs-0:0.11.6-3.el9.src", "HighAvailability-9.3.0.GA:pcs-0:0.11.6-3.el9.x86_64", "HighAvailability-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.aarch64", "HighAvailability-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.ppc64le", "HighAvailability-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.s390x", "HighAvailability-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.x86_64", "ResilientStorage-9.3.0.GA:pcs-0:0.11.6-3.el9.aarch64", "ResilientStorage-9.3.0.GA:pcs-0:0.11.6-3.el9.ppc64le", "ResilientStorage-9.3.0.GA:pcs-0:0.11.6-3.el9.s390x", "ResilientStorage-9.3.0.GA:pcs-0:0.11.6-3.el9.src", "ResilientStorage-9.3.0.GA:pcs-0:0.11.6-3.el9.x86_64", "ResilientStorage-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.aarch64", "ResilientStorage-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.ppc64le", "ResilientStorage-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.s390x", "ResilientStorage-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38900" }, { "category": "external", "summary": "RHBZ#2170644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38900", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900" }, { "category": "external", "summary": "https://github.com/SamVerschueren/decode-uri-component/issues/5", "url": "https://github.com/SamVerschueren/decode-uri-component/issues/5" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-w573-4hg7-7wgq", "url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq" } ], "release_date": "2022-11-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-07T08:32:01+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "HighAvailability-9.3.0.GA:pcs-0:0.11.6-3.el9.aarch64", "HighAvailability-9.3.0.GA:pcs-0:0.11.6-3.el9.ppc64le", "HighAvailability-9.3.0.GA:pcs-0:0.11.6-3.el9.s390x", "HighAvailability-9.3.0.GA:pcs-0:0.11.6-3.el9.src", "HighAvailability-9.3.0.GA:pcs-0:0.11.6-3.el9.x86_64", "HighAvailability-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.aarch64", "HighAvailability-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.ppc64le", "HighAvailability-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.s390x", "HighAvailability-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.x86_64", "ResilientStorage-9.3.0.GA:pcs-0:0.11.6-3.el9.aarch64", "ResilientStorage-9.3.0.GA:pcs-0:0.11.6-3.el9.ppc64le", "ResilientStorage-9.3.0.GA:pcs-0:0.11.6-3.el9.s390x", "ResilientStorage-9.3.0.GA:pcs-0:0.11.6-3.el9.src", "ResilientStorage-9.3.0.GA:pcs-0:0.11.6-3.el9.x86_64", "ResilientStorage-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.aarch64", "ResilientStorage-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.ppc64le", "ResilientStorage-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.s390x", "ResilientStorage-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6316" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "HighAvailability-9.3.0.GA:pcs-0:0.11.6-3.el9.aarch64", "HighAvailability-9.3.0.GA:pcs-0:0.11.6-3.el9.ppc64le", "HighAvailability-9.3.0.GA:pcs-0:0.11.6-3.el9.s390x", "HighAvailability-9.3.0.GA:pcs-0:0.11.6-3.el9.src", "HighAvailability-9.3.0.GA:pcs-0:0.11.6-3.el9.x86_64", "HighAvailability-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.aarch64", "HighAvailability-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.ppc64le", "HighAvailability-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.s390x", "HighAvailability-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.x86_64", "ResilientStorage-9.3.0.GA:pcs-0:0.11.6-3.el9.aarch64", "ResilientStorage-9.3.0.GA:pcs-0:0.11.6-3.el9.ppc64le", "ResilientStorage-9.3.0.GA:pcs-0:0.11.6-3.el9.s390x", "ResilientStorage-9.3.0.GA:pcs-0:0.11.6-3.el9.src", "ResilientStorage-9.3.0.GA:pcs-0:0.11.6-3.el9.x86_64", "ResilientStorage-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.aarch64", "ResilientStorage-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.ppc64le", "ResilientStorage-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.s390x", "ResilientStorage-9.3.0.GA:pcs-snmp-0:0.11.6-3.el9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "decode-uri-component: improper input validation resulting in DoS" } ] }
gsd-2022-38900
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2022-38900", "description": "decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.", "id": "GSD-2022-38900", "references": [ "https://www.suse.com/security/cve/CVE-2022-38900.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2022-38900" ], "details": "decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.", "id": "GSD-2022-38900", "modified": "2023-12-13T01:19:22.143515Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-38900", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/SamVerschueren/decode-uri-component/issues/5", "refsource": "MISC", "url": "https://github.com/SamVerschueren/decode-uri-component/issues/5" }, { "name": "https://github.com/sindresorhus/query-string/issues/345", "refsource": "MISC", "url": "https://github.com/sindresorhus/query-string/issues/345" }, { "name": "FEDORA-2023-86d75130fe", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/" }, { "name": "FEDORA-2023-a4f0b29f6c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/" }, { "name": "FEDORA-2023-2e38c3756f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/" }, { "name": "FEDORA-2023-ae96dd6105", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D/" }, { "name": "FEDORA-2023-b86fd9ad80", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5/" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "=0.2.0", "affected_versions": "Version 0.2.0", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-20", "CWE-937" ], "date": "2023-07-01", "description": "decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.", "fixed_versions": [ "0.2.1" ], "identifier": "CVE-2022-38900", "identifiers": [ "CVE-2022-38900", "GHSA-w573-4hg7-7wgq" ], "not_impacted": "All versions before 0.2.0, all versions after 0.2.0", "package_slug": "npm/decode-uri-component", "pubdate": "2022-11-28", "solution": "Upgrade to version 0.2.1 or above.", "title": "decode-uri-component vulnerable to Denial of Service (DoS)", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2022-38900", "https://github.com/SamVerschueren/decode-uri-component/issues/5", "https://github.com/sindresorhus/query-string/issues/345", "https://github.com/advisories/GHSA-w573-4hg7-7wgq" ], "uuid": "a5994206-f97a-4d63-9437-4bc6f6b1dbe8" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:decode-uri-component_project:decode-uri-component:0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-38900" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/sindresorhus/query-string/issues/345", "refsource": "MISC", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/sindresorhus/query-string/issues/345" }, { "name": "https://github.com/SamVerschueren/decode-uri-component/issues/5", "refsource": "MISC", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/SamVerschueren/decode-uri-component/issues/5" }, { "name": "FEDORA-2023-a4f0b29f6c", "refsource": "FEDORA", "tags": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/" }, { "name": "FEDORA-2023-86d75130fe", "refsource": "FEDORA", "tags": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/" }, { "name": "FEDORA-2023-2e38c3756f", "refsource": "FEDORA", "tags": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/" }, { "name": "FEDORA-2023-ae96dd6105", "refsource": "FEDORA", "tags": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D/" }, { "name": "FEDORA-2023-b86fd9ad80", "refsource": "FEDORA", "tags": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5/" } ] } }, "impact": { "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } }, "lastModifiedDate": "2023-07-01T06:15Z", "publishedDate": "2022-11-28T13:15Z" } } }
ghsa-w573-4hg7-7wgq
Vulnerability from github
Published
2022-11-28 15:30
Modified
2023-03-31 16:05
Severity ?
Summary
decode-uri-component vulnerable to Denial of Service (DoS)
Details
decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.
{ "affected": [ { "package": { "ecosystem": "npm", "name": "decode-uri-component" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0.2.1" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2022-38900" ], "database_specific": { "cwe_ids": [ "CWE-20" ], "github_reviewed": true, "github_reviewed_at": "2022-11-28T23:35:59Z", "nvd_published_at": "2022-11-28T13:15:00Z", "severity": "HIGH" }, "details": "decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.", "id": "GHSA-w573-4hg7-7wgq", "modified": "2023-03-31T16:05:14Z", "published": "2022-11-28T15:30:24Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900" }, { "type": "WEB", "url": "https://github.com/SamVerschueren/decode-uri-component/issues/5" }, { "type": "WEB", "url": "https://github.com/sindresorhus/query-string/issues/345" }, { "type": "WEB", "url": "https://github.com/SamVerschueren/decode-uri-component/commit/746ca5dcb6667c5d364e782d53c542830e4c10b9" }, { "type": "PACKAGE", "url": "https://github.com/SamVerschueren/decode-uri-component" }, { "type": "WEB", "url": "https://github.com/SamVerschueren/decode-uri-component/releases/tag/v0.2.1" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ], "summary": "decode-uri-component vulnerable to Denial of Service (DoS)" }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.